----- Original Message -----
From: Abdul Qabiz
To: [email protected]
Sent: Monday, January 28, 2008 5:09 PM
Subject: Re: [flexcoders] Role based rendering of MXML components - visibility and editability
I would not do any such role-based things on the client, it's very easy to spoof HTTP packets and a normal user can get access to Admin UI... Just be careful with that... If you have a solid way to avoid any such security issues, go ahead.

-abdul

If you can't implement a role based UI in the Flex client, are you suggesting Flex is an unsuitable technology?

I don't really see that there's a problem. All that's required is that the initial login establishes the user's credentials; once that's done, the requests that are sent to the server from the Flex client can be validated on the server against the logged in user, so the client is still unable to get access to or do anything that isn't permitted for that user.

It's good to raise the flag that client-only verification isn't sufficient for robust security, but I don't see anything in the OP's request for a tag-based UI customised for roles and security settings that is inherently unworkable.

Paul
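The arrangement discussed in this thread, sketched as an added example that is not part of the original messages: the role is bound to a server-side session at login, every call is authorized from that session, and a role claimed in the request is ignored. The user table, operation names and function names are hypothetical, and the plaintext passwords are constructed sample data standing in for a real credential store.

```python
import hmac
import secrets

# Constructed sample data: users, their roles, and the operations each role may call.
USERS = {"alice": ("pw-alice", "admin"), "bob": ("pw-bob", "user")}
PERMISSIONS = {"admin": {"list_orders", "delete_user"}, "user": {"list_orders"}}
SESSIONS = {}  # session token -> (username, role); lives only on the server


def login(username, password):
    """Check credentials and bind the user's role to a new server-side session."""
    record = USERS.get(username)
    if record is None or not hmac.compare_digest(record[0], password):
        return None
    token = secrets.token_urlsafe(32)  # unguessable session identifier
    SESSIONS[token] = (username, record[1])
    return token


def handle_request(request):
    """Authorize one remote call decoded from the wire.

    Everything in `request` is client-controlled, including any "role"
    field; only the role stored in the session at login is trusted.
    """
    session = SESSIONS.get(request.get("session", ""))
    if session is None:
        return 401, "not logged in"
    username, role = session
    operation = request.get("operation")
    if operation not in PERMISSIONS.get(role, set()):
        return 403, f"{username} ({role}) may not call {operation}"
    return 200, f"{operation} executed for {username}"


def ui_hints(token):
    """Operations the client may render controls for: cosmetic, not enforcement."""
    session = SESSIONS.get(token)
    return sorted(PERMISSIONS[session[1]]) if session else []


if __name__ == "__main__":
    bob = login("bob", "pw-bob")
    # A tampered request claiming the admin role is still judged as bob's session.
    print(handle_request({"session": bob, "operation": "delete_user", "role": "admin"}))
    print(handle_request({"session": bob, "operation": "list_orders"}))
    print(ui_hints(bob))
```

The client can use `ui_hints` to decide which components to show or enable, while `handle_request` remains the only place access is actually decided.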

