See also this section of the Flex Builder manual: Configuring the Proxy Service
Seems to indicate SSL can be used however I have not yet developed a need to do so myself. I would be very surprised if Flex Builder 2 did not support the use of SSL as it would have been silly to produce Flex had Adobe not crossed this particular "t" along with having dotted the "i"'s, so to speak. ----- Original Message ---- From: André Rodrigues Pena <[EMAIL PROTECTED]> To: [email protected] Sent: Thursday, April 5, 2007 1:55:11 PM Subject: Re: [flexcoders] Re: User authentication Guys.. I appreciate all your help. I could realize how many possibilities there are regarding authentication. My question now is: How can I secure my HTTPService? Is there some HTTPSService? What do I do to work with SSL? Or even.. if I send user name and password through an unprotected HTTPService. What are the chances of my data to be intercepted? On 05 Apr 2007 13:10:28 -0700, Ray Horn <[EMAIL PROTECTED] net> wrote: Yes, but there is an advantage to working with HTTPService destinations that are Session-Less as well as Connection-less. Reliance upon a server-side Session only works to weaken the usefulness of web based service providers. ----- Original Message ---- From: Samuel R. Neff <srneff.lists@ gmail.com> To: [email protected] Sent: Thursday, April 5, 2007 12:20:37 PM Subject: RE: [flexcoders] Re: User authentication You don't need to bother with HTTPS or encryption if you use a challenge-response methodology. For that simple Hashing will do (AS3 corelib has a SHA256 implementation among others). Servers sends random text challenge to client. Client responds back with hashed combo of random text and the password, along with username. Server confirms both know the same thing by comparing hashes without ever sending the password over the wire. Pretty simple to implement. Also depending on the application server you may not need to bother with generating a session token and storing/passing it. For example with ASP.NET all HTTPService and RemoteObject calls are within the context of a user session so on the server side we can use the built-in Session support with no custom coding. Sam ------------ --------- --------- --------- ---- We're Hiring! Seeking a passionate developer to join our team building Flex based products. Position is in the Washington D.C. metro area. If interested contact [EMAIL PROTECTED] l.com -- André Rodrigues Pena LOCUS www.locus.com. br Blog www.techbreak. org
