I think this is huge problem, anyone had any idea to fix this or best way to don't let bad users access the methods?
--- In flexcoders@yahoogroups.com, "danielvlopes" <[EMAIL PROTECTED]> wrote: > > Understand, i thinking create session in PHP and when flex comunicate > to php send the session to check if this session really exist em PHP > but i thinking those ways are little strange, i think this problem > should be handle in amfphp and not in my code... > > In amfphp 1.2 we had way to create password for access methods, it's > not possible to make in 1.9? > > --- In flexcoders@yahoogroups.com, Adnan Doric <astronaute@> wrote: > > > > danielvlopes wrote: > > > Hello, i'm using amfphp 1.9 beta2 to make comunication between php and > > > flex, but i had some question about security when use amfphp... > > > > > > If someone discover the name of my methods in my classes inside > > > services amfphp folder and point your flex app to my gateway using > > > absolut path the invader can use my methods. > > > > > > Exist some way to use password to use gateway or don't accept absolute > > > paths or better way to fix this problem??? > > > > > > Thanks. > > > > > > > > > > > Hello, > > > > You can use MD5 or SHA1 from corelib for example to generate a unique > > key to be recognized on PHP side. You should use PHP sessions too so > you > > can store session id in database and pass session id to flex using > > flashvars (just an example). > > > > cheers, > > Adnan > > >
