You're logging in people automatically? This is an intranet, correct? If not, you may want to rethink your strategy. If it's an "intranet", then what about people changing computers, I'm sick, someone using my CPU, etc., oops. If "internet", think open-door cyber cafe, or welcome to my work, kids.
-----Original Message-----
From: flexcoders@yahoogroups.com [mailto:[EMAIL PROTECTED] On Behalf Of Robert Brueckmann
Sent: Tuesday, February 7, 2006 15:45
To: flexcoders@yahoogroups.com
Subject: RE: [flexcoders] shared object security with flex 1.5

Great idea Taka!  I will indeed try that.  Thanks so much!  I can’t believe I didn’t think of that…sometimes the most obvious is right in front of you…thanks for your help!

robert l. brueckmann

vice president

merlin securities

595 madison avenue

new york, ny 10022

p: 212.822.4821
f: 212.822.4820


From: flexcoders@yahoogroups.com [mailto:[EMAIL PROTECTED] On Behalf Of Taka Kojima
Sent: Monday, February 06, 2006 3:16 PM
To: flexcoders@yahoogroups.com
Subject: RE: [flexcoders] shared object security with flex 1.5

Dear Robert,

Yeah, here's an idea:

Have it store the IP address (encrypted) in the file as well, then on the other end, have it check the IP to make sure it's the same IP, if not it can reset all of the variables in the file or remove all of the contents of the file and not automatically log the user in. That should work out... let me know.

Sincerely,

Taka Kojima

Director of Promotion & Marketing

ABLE International


From: flexcoders@yahoogroups.com [mailto:[EMAIL PROTECTED] On Behalf Of Robert Brueckmann
Sent: Monday, February 06, 2006 11:33 AM
To: flexcoders@yahoogroups.com
Subject: [flexcoders] shared object security with flex 1.5

I created a "remember me on this computer" option when the user logs in, so when they come to the URL it automatically logs them into our site based on the username and password I'm encrypting and storing in a shared object on their machine.  Works great.

Out of curiosity, I located that actual shared object file and emailed it to my coworker and had him install it in the similar location on his machine and when he went to the website, it automatically logged him in as me. 

Is there any way to prevent this from happening?  I mean, what additional security could I add to prevent (if the user does, for whatever conceivable reason) the copying of the .sol file from the one computer to another and it still working?

I figured there would have been some footprint on the .sol file (I thought that’s what all those additional characters in the .sol file were when I opened it in WordPad to look at it) from my flash player, some unique id or something that lets the .sol file only work with my flash player on my machine and not all flash players...but I guess not...any thoughts?

robert l. brueckmann

vice president

merlin securities

595 madison avenue

new york, ny 10022

p: 212.822.4821
f: 212.822.4820


This message contains information from Merlin Securities, LLC, or from one of its affiliates, that may be confidential and privileged. If you are not an intended recipient, please refrain from any disclosure, copying, distribution or use of this information and note that such actions are prohibited. If you have received this transmission in error, please notify the sender immediately by telephone or by replying to this transmission.

Merlin Securities, LLC is a registered broker-dealer. Services offered through Merlin Securities, LLC are not insured by the FDIC or any other Federal Government Agency, are not deposits of or guaranteed by Merlin Securities, LLC and may lose value. Nothing in this communication shall constitute a solicitation or recommendation to buy or sell a particular security.


 



--
Flexcoders Mailing List
FAQ: http://groups.yahoo.com/group/flexcoders/files/flexcodersFAQ.txt
Search Archives: http://www.mail-archive.com/flexcoders%40yahoogroups.com
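
One way to implement the IP check Taka suggests, as an added example that is not code from the thread: the server signs the username together with the caller's IP address using an HMAC (swapped in here for the encryption mentioned in the thread), so the shared object holds no password and a copied file presented from another address is rejected. The names `issue_token`, `verify_token`, `SERVER_KEY` and `MAX_AGE` and the sample addresses are assumptions of this example.

```python
import hashlib
import hmac
import secrets
import time
from typing import Optional

SERVER_KEY = secrets.token_bytes(32)  # assumption: secret that never leaves the server
MAX_AGE = 14 * 24 * 3600              # assumption: token lifetime in seconds


def _sign(payload: str) -> str:
    return hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()


def issue_token(username: str, client_ip: str, now: Optional[int] = None) -> str:
    """Value the client stores in the shared object instead of the password."""
    if "|" in username:
        raise ValueError("username must not contain the field separator")
    issued = int(time.time() if now is None else now)
    payload = f"{username}|{issued}"
    # The IP is covered by the signature but is not written into the token.
    return f"{payload}|{_sign(f'{payload}|{client_ip}')}"


def verify_token(token: str, client_ip: str, now: Optional[int] = None) -> Optional[str]:
    """Return the username if the token is authentic, unexpired and presented
    from the address it was issued to; otherwise None (show the login form).
    client_ip must be taken from the connection, never from the client's data."""
    parts = token.split("|")
    if len(parts) != 3:
        return None
    username, issued, sig = parts
    if not (issued.isascii() and issued.isdigit()):
        return None
    expected = _sign(f"{username}|{issued}|{client_ip}")
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return None  # forged, edited, or replayed from a different address
    current = int(time.time() if now is None else now)
    if current - int(issued) > MAX_AGE:
        return None
    return username


if __name__ == "__main__":
    # Constructed sample addresses from the documentation ranges.
    token = issue_token("robert", "192.0.2.10")
    print("same address:   ", verify_token(token, "192.0.2.10"))
    print("copied .sol file:", verify_token(token, "198.51.100.7"))
```

A client whose address changes is simply asked to log in again. Two machines that reach the server through the same address are not told apart by this check.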



