Darren,
Flex inherits the HTTP session that the page which contained the EMBED
tag acquired. Dont forget that HTTP/HTML is entirely stateless and
yet we can easily secure those. The theory is identical with Flex.
--
Dave Wolf
Cynergy Systems, Inc.
Adobe Flex Alliance
Partner
http://www.cynergysystems.com
http://www.cynergysystems.com/blogs
Email: [EMAIL PROTECTED]stems.com
Office: 866-CYNERGY
--- In [EMAIL PROTECTED]ups.com,
"Darren Houle" <[EMAIL PROTECTED]> wrote:
>
> Franck,
>
> I agree with you, but... how do you handle security in a stateless
back-end?
> I mean... how do you maintain logged-in / user session
information? Or
> unauthorized access of the web services by others? If Flex is
*completely*
> agnostic of the back-end technology then how do you securely link them
> together?
>
> Darren
>
>
>
>
> >From: "Franck de Bruijn" <franck.de.bruijn@...>
> >Reply-To: [EMAIL PROTECTED]ups.com
> >To: <[EMAIL PROTECTED]ups.com>
> >Subject: RE: [flexcoders] Re: Choice of backend systems - which
provides
> >best functionality
> >Date: Tue, 22 Aug 2006 18:03:24 +0200
> >
> >Hi Barry,
> >
> >
> >
> >I'm not sure if I can be of much help here. I'm not into PHP, I'm
not into
> >FDS and remoting and the AMF protocol that is related to it. For
me, but
> >that is totally a personal opinion, the only acceptable solution for
> >communication with a back-end is webservices, and nothing else.
Briefly
> >here
> >are my reasons:
> >
> >* The coolest thing about Flex is not the graphics ... but that you
> >can make your server stateless, meaning that you obtain 100% fail-over
> >characteristics including linear scalability. With FDS (or any other
> >related
> >solution) you highly likely lose this `feature' and my guess is that
> >scalability will be tougher to achieve; for sure it is harder to
guarantee
> >... with a stateless server solution you can. And we always want to
grow
> >with our applications, don't we???
> >* I like to keep my Flex layer totally independent of my back-end
> >layer. My back-end layer should not be aware by any means of the client
> >technology. With webservices you realize this. With FDS (or any other
> >related solution) you get a vendor lock-in, which I consider
undesirable.
> >* The trend in my business is that more and more you get projects only
> >for a front-end or back-end solution. In the past it occurred more
that you
> >had to build them together, but that is changing. It's very
acceptable to
> >request a back-end to expose its operations through webservices.
It's not
> >very accetable to request them to expose it via FDS or something
like that.
> >
> >
> >
> >To be fair, there are some disadvantages using web services as
well; among
> >others:
> >
> >* No automatic conversion of the web service results into your custom
> >action script classes. You have to make converters yourself to
accomplish
> >this. With FDS/AMF I understand you can have this conversion
automatically
> >done for you.
> >* Performance. People tend to say that webservices are slow. It's true
> >that the serialization/deserialization of the XML (both on client
and
> >server) side takes computing time. My experiences so far are that this
> >extra
> >computing time is not causing any serious damage in the user
experience.
> >* Flex has some trouble communicating with DOC/Literal encoded
> >webservices. Especially in the .Net corner this is causing
problems. But
> >that should be temporarily ... The adobe guys are working on it and
> >hopefully in a next release these issues will be fixed.
> >
> >
> >
> >For me the advantages of webservices by far outweigh the
disadvantages. So
> >if you ask me: use webservices! You keep your freedom ...
> >
> >
> >
> >Cheers,
> >
> >Franck
> >
> >
> >
> >
> >
> > _____
> >
> >From: [EMAIL PROTECTED]ups.com
[mailto:[EMAIL PROTECTED]ups.com]
On
> >Behalf Of barry.beattie
> >Sent: Tuesday, August 22, 2006 9:50 AM
> >To: [EMAIL PROTECTED]ups.com
> >Subject: [flexcoders] Re: Choice of backend systems - which
provides best
> >functionality
> >
> >
> >
> >Franck and Doug: may I be so bold as to include here some information
> >I sent to our programming team for them to have some context?
> >
> >I offer it here as a talking point only - and would invite any
> >comments or corrections to help me gain a better understanding myself
> >... this has just been gathered by my own ad-hoc investigations. the
> >context of the email was a report that Adobe were seriously targeting
> >PHP developers for Flex.
> >
> >------------------------------------
> >regarding Flash remoting: some background to put it into context:
> >
> >there are three basic ways of getting communication happening between
> >a SWF (now-a-days built with Flex) and server-side code:
> >
> >webservices
> >XML HTTP requests
> >Flash Remoting (using the Async Message Format - AMF)
> >
> >PHPAMF (Flash remoting with PHP) is not a Macromedia/Adobe product. It
> >was reverse engineered by the PHP community to use Flash remoting.
> >It's been around for a few years (that I know of) and may be even more
> >popular than CF-AMF (don't know for sure)
> >
> >here's the important bit:
> >
> >PHPAMF, OpenAMF, the Adobe .NET/ Java remoting add-in and ColdFusion
> >6.1 remoting all use the AMF0 protocol. ColdFusion 7.02 and
> >FlexDataServices (Java) all use AMF3
> >
> >What's the diff? 2 things:
> >Apart from some removal of dumb stuff-ups and a reduction of data
> >packet size (thanx to new encoding), AMF3 is very strongly typed which
> >allows a seamless (and easy) mapping/conversion between server side
> >objects (eg: Java value objects and ColdFusion's CFC's). This is why
> >FlexBuilder can have a simple wizard to take your CFC and create
> >Actionscript classes from it (and/or visa-versa). Before it was all
> >manual with a tonne of testing (eg string to numeric conversions,
etc).
> >
> >[NOTE: the follow paragraph is total speculation]
> >
> >Also, inside the latest Flash player (Flash9) there are actually 2
> >players. An older for backwards compatability and the latest
"hot-rod"
> >that has had some amazing improvements in functionality and speed.
> >Expect to see the use for the older player depricated in less than 5
> >years (the new player in Flash9 is like starting again). AMF0 is for
> >the older player, AMF3 for the newer.
> >
> >Will Adobe release their own PHPAMF using AMF3? I'm not sure, since
> >they aren't bothering to upgrade the .NET/ Java remoting add-in (I've
> >checked). But if they do, you can be assured that they will charge
> >well for it - just like the .NET/ Java remoting add-in (almost as much
> >as a CF licence).
> >
> >Will the PHP community re-engineer their remoting for AMF3? Quite
> >possibly. they're smart people. But I haven't herd anything yet....
> >
> >my gut feeling? Adobe will try and push remoting onto everyone so they
> >can take up Flex 2 and buy Flexbuilder. they'll have to support it
> >somehow. see the note below about WebOrb...
> >
> >ADDENDIUM
> >
> >I have deliberatly not mentioned 2 products:
> >
> >WebOrb, a pricey but full featured product that is an alternative to
> >FlexDataServices (and runs AMF3) for .NET and Java - and - (comming
> >soon) PHP and Ruby! (http://www.themidni
> ><http://www.themidnightcoders.com/index.htm>
ghtcoders.com/index.htm)
> >Fluorine, an open source project for Flash (AMF3) and .NET
> >(http://fluorine.
<http://fluorine.thesilentgroup.com/fluorine/index.html>
> >thesilentgroup.com/fluorine/index.html)
> >
> >
> >
>
