Zoli is right. Usage of a specific object type in a method signature
is irrelevant to security. In fact, you do not even need to know AMF
to do it. One could easily use something like ServiceCapture to
understand the structure of the argument type then construct a similar
object and run it in a local Flex/Flash movie with unrestricted security.
Essentially it means that a gateway must safeguard against such
malicious attacks. Our implementation (weborb) does it quite well.

Cheers,
Mark

--- In [email protected], "Zoltan Csibi" <[EMAIL PROTECTED]>
wrote:
>
> 
> What I mean is: if I can sniff what typed VO an application is receiving, I
> can "craft" an AMF packet with:
> - call to "deleteUser"
> - the same VO "type" (simplified: as we know that this is just a string of
> the class name followed by other strings describing property names and other
> binary data with property values etc etc etc)
> 
> The gateway (fluorine, openamf, fds ... anything) will see a "valid"
> object/type. There is no type-coercion error here.
> 
> This is an easy task to do with AMF knowledge. 
> 
> 
> Bottom line: I don't think that passing simple types, untyped VOs or typed
> VOs makes any difference from a security point of view.
> 
> 
> Kind regards,
> Zoli
> 
>  
> 
> ________________________________
> 
> From: [email protected] [mailto:[EMAIL PROTECTED] On
> Behalf Of Patrick Mineault
> Sent: Thursday, January 18, 2007 6:29 PM
> To: [email protected]
> Subject: Re: [flexcoders] AMFPHP & Security
> 
> 
> 
> Wouldn't Fluorine and OpenAMF throw a type-coercion error, given that 
> the first argument is typed? Of course, the code in the constructor 
> would be called anyways.
> 
> Patrick
>
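As an added example (not code from this thread, nor from AMFPHP, Fluorine, OpenAMF, FDS or WebORB), the following Python shows the point both Zoli and Mark make: an AMF0 typed object is just a class-name string followed by property names and values, so a gateway that "sees a valid type" has learned nothing about who sent the call. The decoder is a small subset of AMF0 (number, boolean, string, null, typed object); the `UserService`, the `UserVO` class name, the session/role scheme and the sample request bytes are all constructed assumptions. The gateway dispatch treats the declared type as a contract check and makes the actual decision from server-side session state.

```python
import struct

# AMF0 type markers (subset sufficient for the example)
NUMBER, BOOLEAN, STRING, NULL, OBJECT_END, TYPED_OBJECT = 0x00, 0x01, 0x02, 0x05, 0x09, 0x10


class TypedObject:
    """A decoded AMF0 typed object. class_name is whatever the client wrote on the wire."""

    def __init__(self, class_name, props):
        self.class_name = class_name
        self.props = props


def _read_utf8(buf, pos):
    # AMF0 short string: big-endian u16 length followed by UTF-8 bytes
    (n,) = struct.unpack_from(">H", buf, pos)
    pos += 2
    return buf[pos:pos + n].decode("utf-8"), pos + n


def decode_value(buf, pos=0):
    """Decode one AMF0 value at pos; returns (value, position after it)."""
    marker = buf[pos]
    pos += 1
    if marker == NUMBER:
        return struct.unpack_from(">d", buf, pos)[0], pos + 8
    if marker == BOOLEAN:
        return buf[pos] != 0, pos + 1
    if marker == STRING:
        return _read_utf8(buf, pos)
    if marker == NULL:
        return None, pos
    if marker == TYPED_OBJECT:
        class_name, pos = _read_utf8(buf, pos)
        props = {}
        while True:
            key, pos = _read_utf8(buf, pos)
            if key == "" and buf[pos] == OBJECT_END:
                return TypedObject(class_name, props), pos + 1
            props[key], pos = decode_value(buf, pos)
    raise ValueError("unsupported AMF0 marker 0x%02x" % marker)


class Forbidden(Exception):
    pass


class UserService:
    """Hypothetical remoting service; the gateway consults these tables, not the argument type."""
    EXPECTED_TYPE = {"deleteUser": "UserVO", "getUser": "UserVO"}
    ALLOWED_ROLES = {"deleteUser": {"admin"}, "getUser": {"user", "admin"}}

    def __init__(self):
        self.users = {42: "alice"}  # constructed in-memory store

    def deleteUser(self, vo):
        self.users.pop(int(vo.props["id"]), None)
        return True

    def getUser(self, vo):
        return self.users.get(int(vo.props["id"]))


def dispatch(service, session, method, body):
    """Gateway-side dispatch. The type check is a contract check; authorization is separate."""
    arg, _ = decode_value(body)
    expected = service.EXPECTED_TYPE.get(method)
    if expected and not (isinstance(arg, TypedObject) and arg.class_name == expected):
        raise TypeError("%s expects %s" % (method, expected))
    # The class name above came straight from the client, so it proves nothing about
    # the caller. The decision must come from server-side session state.
    if session.get("role") not in service.ALLOWED_ROLES.get(method, set()):
        raise Forbidden("%s not permitted for role %r" % (method, session.get("role")))
    return getattr(service, method)(arg)


# Constructed request body: AMF0 typed object UserVO {id: 42, name: "alice"}
SAMPLE_USERVO = b"".join([
    b"\x10",                                           # typed-object marker
    b"\x00\x06UserVO",                                 # class name: u16 length + bytes
    b"\x00\x02id", b"\x00", struct.pack(">d", 42.0),   # "id" -> number 42
    b"\x00\x04name", b"\x02\x00\x05alice",             # "name" -> string "alice"
    b"\x00\x00\x09",                                   # empty key + object-end marker
])


def run_demo():
    """Same well-formed UserVO from two sessions: the type passes both times, the role decides."""
    svc = UserService()
    results = {}
    try:
        dispatch(svc, {"role": "user"}, "deleteUser", SAMPLE_USERVO)
        results["user_delete"] = "allowed"
    except Forbidden:
        results["user_delete"] = "denied"
    results["admin_delete"] = dispatch(svc, {"role": "admin"}, "deleteUser", SAMPLE_USERVO)
    results["remaining_users"] = dict(svc.users)
    return results


if __name__ == "__main__":
    print(run_demo())
```

The same 39-byte request body is accepted by the type check in both calls; only the server-held role makes the difference, which is why the choice between simple types, untyped VOs and typed VOs in the method signature does not change the gateway's security obligations.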