Hi, maybe you could use some kind of handshake protocol. There are plenty key based encryption algorithms. On the request you could encrypt the username and on server side decrypt and check if the username was valid. Still vulnerable to brute force attacks, but enough for most cases.
--- In [email protected], João <[EMAIL PROTECTED]> wrote: > > Hi, > > we are building an enterprise application using Flex. One module of > the application will be accessible on the internet so users can access > some data from the main system, without requiring a login. > > This module communicates with a web-service. It is already finished > and working fine, but the client needs to make sure that the > web-service is only accessible to our specific Flash client. Other > clients should not be able to request data from the web-service, since > it might compromise the business behind it. > > If there isn't a "perfect" solution, our client is not worried with > the fact that SWF's can be decompiled, so there is a possibility to > have something like a "key" hard-coded on the flash module, and a way > to use encription to respond to a challenge made by the server - > avoiding at least man on the middle attacks, i guess. > Some years ago i have studied a bit of public key infrastructures, but > never applied it on a project. > > I am far from being expert on security, but this is really important, > since without a rather reasonable solution a big part of the project > will be useless. > > What solutions do you propose? Does Flex have some kind of tools to > solve this problems? > > Thanks, > > João Saleiro > > www.riapt.org > www.webfuel.pt >
