I think the best way would be implementing some kind of handshake protocol. There are plenty of encryption algorithms available. You could save the passwords encrypted (using sha1) on the DB and then just send it encrypted on every request. On the server side you just had to check if there was any matching password before you reply. Still subject to brute force attacks, but enough for most cases.
João Saleiro wrote: > > Hi, > > we are building an enterprise application using Flex. One module of > the application will be accessible on the internet so users can access > some data from the main system, without requiring a login. > > This module communicates with a web-service. It is already finished > and working fine, but the client needs to make sure that the > web-service is only accessible to our specific Flash client. Other > clients should not be able to request data from the web-service, since > it might compromise the business behind it. > > If there isn't a "perfect" solution, our client is not worried with > the fact that SWF's can be decompiled, so there is a possibility to > have something like a "key" hard-coded on the flash module, and a way > to use encription to respond to a challenge made by the server - > avoiding at least man on the middle attacks, i guess. > Some years ago i have studied a bit of public key infrastructures, but > never applied it on a project. > > I am far from being expert on security, but this is really important, > since without a rather reasonable solution a big part of the project > will be useless. > > What solutions do you propose? Does Flex have some kind of tools to > solve this problems? > > Thanks, > > João Saleiro > > www.riapt.org > www.webfuel.pt > > > -- View this message in context: http://www.nabble.com/Solutions-for-provide-a-secure-access-to-a-Web-Service-using-Flex-tp14456430p14458004.html Sent from the FlexCoders mailing list archive at Nabble.com.
