Hi,
I'm looking for the best and most secure way to restrict access to a web API
to only allowed applications. The best option I found is to use 2-Legged
OAuth where applications would get a consumer key and a secret key. The
problem here is that SWF files can be easily decompiled and the keys
You can embed the keys instead of keeping them in plain site.
check this session I think you will find some useful stuff:
http://tv.adobe.com/watch/360flex-conference/encrypting-flex-protecting-revenue-by-andrew-westberg/
C
From: Haykel BEN JEMIA
The following course have been replaced by an ad for 'The Bourne
Ultimatum'!! Hackers at work?
http://tv.adobe.com/watch/360flex-conference/encrypting-flex-protecting-revenue-by-andrew-westberg/
Haykel Ben Jemia
Allmas
Web RIA Development
http://www.allmas-tn.com
I do get the same trailer and then the streaming just freezes...
Weird.
Thanks Claudiu,
I have found a PDF of the presentation and on page 4 it says the following
about protecting sensitive data through embedding:
* Most decompilers don’t look at embedded data.
* Given that SWF is an open file format, nothing is really stopping them
from doing this in the future.
*
The thing is that most client side apps implement security by obscurity which
pretty much means that you will never be safe 100%, the only thing you do is
not putting it in plain sight. So as you continue is add more level of
obscurity, but as said that will only make it harder still not
Just use watch expressions to see only the items you are interested in.
--- In flexcoders@yahoogroups.com, Wouter Schreuders wschreuders@... wrote:
Hi All
When debugging some code and stepping through or stepping over some code, is
it possible to configure flex to not include certain
What kind of access to the web API are you trying to prevent? What
configurations need to use the API? If the API doesn’t need to be used by
other servers, I thought you could check the headers and make sure the API is
being called from a client served from your domain and deny all others. I
Access should only be granted to applications approved by the team. At the
beginning these will be our own applications but we want to approve apps
from other developers in the future.
Your suggestion works for web applications and we are planning to use it,
but it can not be used for AIR
yeah you have just confirmed my 'fear' that for client applications there is
actually no secure way to identify them because anything they include (data,
algorithms etc.) can be cracked and the identification process can be
reproduced. We can only try to make it as hard as possible.
Haykel Ben
Oh my goodness, I promise I tried this before posting to the group, but I tried
it again and it does work. Of course.
Thank you so much!
Carrie
--- In flexcoders@yahoogroups.com, turbo_vb TimHoff@... wrote:
Have you tried this:
mx:CheckBox id=cb selected={ data.fired } enabled={
The problem with making it as hard as possible is the overhead on your
client application. decrypting a lot of data is a processer intensive
operation and your own UI could suffer, while someone stealing data could
decrypt it in C and republish that data unencrypted, giving their UI the
edge over
can anybody help me in creating paging for datagrid using coldfuion and oracle?
Adobe's been alerted and are investigating.
On Mon, Sep 26, 2011 at 5:31 AM, claudiu ursica the_bran...@yahoo.comwrote:
**
I do get the same trailer and then the streaming just freezes...
Weird.
i everybody
I have my
mx:Button label=test width=140 styleName=rightAlignDataGridCol
mouseEnabled=false top=0 x=23 fillAlphas=[1.0, 1.0, 1.0, 1.0] /
I want to migration to flex 4 so for
s:Button label=test width=140 styleName=rightAlignDataGridCol
mouseEnabled=false top=0 x=23 fillAlphas=[1.0,
Hi,
I am creating a pure as3 game and I was using the last version of flex sdk and
compiling to last player version. Now I using flex 3.6 and compiling to player
version 9.0.280 and that change created a wierd problem: Every time I set the
game to fullscreen a sprite's children are drawn
16 matches
Mail list logo