I found this topic in sephirot forum, http://www.sephiroth.it/phpBB/showthread.php?t=7966, they said use authenticate class in beforefilter amfphp function, i try look on this class in my amfphp folder but i don't understand how use... everything i found about authenticate in amfphp is for amfphp 1.2 and i using 1.9beta 2 .
Anyone can help? --- In [email protected], "danielvlopes" <[EMAIL PROTECTED]> wrote: > > I think this is huge problem, anyone had any idea to fix this or best > way to don't let bad users access the methods? > > --- In [email protected], "danielvlopes" <danielvlopes@> > wrote: > > > > Understand, i thinking create session in PHP and when flex comunicate > > to php send the session to check if this session really exist em PHP > > but i thinking those ways are little strange, i think this problem > > should be handle in amfphp and not in my code... > > > > In amfphp 1.2 we had way to create password for access methods, it's > > not possible to make in 1.9? > > > > --- In [email protected], Adnan Doric <astronaute@> wrote: > > > > > > danielvlopes wrote: > > > > Hello, i'm using amfphp 1.9 beta2 to make comunication between > php and > > > > flex, but i had some question about security when use amfphp... > > > > > > > > If someone discover the name of my methods in my classes inside > > > > services amfphp folder and point your flex app to my gateway using > > > > absolut path the invader can use my methods. > > > > > > > > Exist some way to use password to use gateway or don't accept > absolute > > > > paths or better way to fix this problem??? > > > > > > > > Thanks. > > > > > > > > > > > > > > > Hello, > > > > > > You can use MD5 or SHA1 from corelib for example to generate a unique > > > key to be recognized on PHP side. You should use PHP sessions too so > > you > > > can store session id in database and pass session id to flex using > > > flashvars (just an example). > > > > > > cheers, > > > Adnan > > > > > >
