( Thanks for listening; glad you enjoy ) You are working on an application with very odd security requirements. I almost think you'd be better off with a completely open web service.
You might store the encryption key in a database or server side / non web accessible XML and use some form of remoting (or at least SSL) to pass it back and forth to the Flex client. rmarples wrote: > > > Hi Jeff - Thanks for the response. By the way, great podcast :) > > I will look into the encryption libraries that both you and William > mentioned but I'm > wondering how they handle the encryption key. I have a requirement that > I can't store the > encryption key in the source code as a string literal. I'm wondering if > you or anybody else > has ideas on how to handle this? > > Ryan > > --- In [email protected] <mailto:flexcoders%40yahoogroups.com>, > Jeffry Houser <[EMAIL PROTECTED]> wrote: > > > > > > Yes, MD5 is a hashing algorithm and it is unlikely you'd be able to > > take a hash and get the original text (in a timely / efficient manner). > > > > There are a few AS3 encryption projects. ASCrypt3: > > ascrypt3.riaforge.com and Crypto http://crypto.hurlant.com/ > <http://crypto.hurlant.com/> > > > > Both of them have 2-way encryption algorithms you could use. AES > > perhaps? That said, I worry about the security implications of storing > > this type of authentication between application uses. > > > > rmarples wrote: > > > > > > > > > Tracy - Isn't MD5 a hashing algorithm? Meaning I can only encrypt, not > > > decrypt? I don't > > > think this would work for this scenario would it? > > > > > > Ryan > > > > > > --- In [email protected] > <mailto:flexcoders%40yahoogroups.com> > <mailto:flexcoders%40yahoogroups.com>, > > > "Tracy Spratt" <tspratt@> wrote: > > > > > > > > There is an MD5 library available for AS3 that I have used. > > > > > > > > > > > > > > > > Tracy > > > > > > > > > > > > > > > > ________________________________ > > > > > > > > From: [email protected] > <mailto:flexcoders%40yahoogroups.com> > > > <mailto:flexcoders%40yahoogroups.com> > [mailto:[email protected] <mailto:flexcoders%40yahoogroups.com> > > > <mailto:flexcoders%40yahoogroups.com>] On > > > > Behalf Of rmarples > > > > Sent: Monday, December 03, 2007 4:59 PM > > > > To: [email protected] > <mailto:flexcoders%40yahoogroups.com> <mailto:flexcoders%40yahoogroups.com> > > > > Subject: [flexcoders] Local storage of password > > > > > > > > > > > > > > > > I have a requirement to take credentials used for an external web > > > > service and cache them > > > > locally so that the user need not re-type their password each > time they > > > > run the app. I can > > > > easily store these credentials in a SharedObject (cookie) but I don't > > > > want to store the > > > > password in plain-text here. Does anybody have any > recommendations on an > > > > ecrypt/decrypt > > > > mechanism I can use for this? Also I have a requirement that any key > > > > used to encrypt can not > > > > be stored in the source code as a string literal. > > > > > > > > Ryan > > > > > > > > > > > > > > -- > > Jeffry Houser, Technical Entrepreneur, Software Developer, Author, > > Recording Engineer > > AIM: Reboog711 | Phone: 1-203-379-0773 > > -- > > My Company: <http://www.dot-com-it.com <http://www.dot-com-it.com>> > > My Podcast: <http://www.theflexshow.com <http://www.theflexshow.com>> > > My Blog: <http://www.jeffryhouser.com <http://www.jeffryhouser.com>> > > > > -- Jeffry Houser, Technical Entrepreneur, Software Developer, Author, Recording Engineer AIM: Reboog711 | Phone: 1-203-379-0773 -- My Company: <http://www.dot-com-it.com> My Podcast: <http://www.theflexshow.com> My Blog: <http://www.jeffryhouser.com>
