Zend_Amf_Server performs authentication only if it receives AMF CREDENTIALS_HEADER. So if my Flash app doesn't send the CREDENTIALS_HEADER it gets access to all server methods.
Authentication that can be turned off by the cliet, makes no sense to me. Please explain why is it implemented this way. -- View this message in context: http://n4.nabble.com/Zend-Amf-Server-authentication-tp1568933p1568933.html Sent from the Zend Framework mailing list archive at Nabble.com.
