Hi Jamie, You do have the steps right for deployment. As for securing the resource the options available would be to either:
- add security constraints to the destination. This would require you to either have users log in or hardcode credentials in the app (which is obviously no help in case of decompiling). - add J2EE web app security to your web app to secure the entire thing or any HTTP/AMF channels that are allowed to acces the destination Unfortunately there is no mechanism to automatically detect friendly vs. rogue swfs. But needing to know the channel and destination name are a slight deterrant. HTH, Tom --- In flexcoders@yahoogroups.com, "Jamie O" <[EMAIL PROTECTED]> wrote: > > Hello, > > I 'believe' what I describe below is accurate, just looking for > confirmation. We have a production WSDL that is called by a number of > other non-Flash/Flex apps. We would like to access it via Flex, but > not make the WSL url visible in code - thereby succeptible to > decompiled .swf access and non-company uses. > > In order to ensure this is the case, I believe we must do the following: > 1) Install Flex Data Services and create a named proxy service > destination with the wsdl url. > 2) Use destination="wsdlDestination" and useProxy="true" in HTTPService > > > Is there an inherrent control within FDS that prevents .swf from other > (malicious) sites from using our proxy? I guess conceptually because > it isn't served from there it would never know the connection to refer > back to other than the destination name which is not a fully qualified > URL. Wondering if we would also need a crossdomain.xml file to inhibit > non-company .swf from accessing? > > Thx, > Jamie > -- Flexcoders Mailing List FAQ: http://groups.yahoo.com/group/flexcoders/files/flexcodersFAQ.txt Search Archives: http://www.mail-archive.com/flexcoders%40yahoogroups.com Yahoo! Groups Links <*> To visit your group on the web, go to: http://groups.yahoo.com/group/flexcoders/ <*> Your email settings: Individual Email | Traditional <*> To change settings online go to: http://groups.yahoo.com/group/flexcoders/join (Yahoo! ID required) <*> To change settings via email: mailto:[EMAIL PROTECTED] mailto:[EMAIL PROTECTED] <*> To unsubscribe from this group, send an email to: [EMAIL PROTECTED] <*> Your use of Yahoo! Groups is subject to: http://docs.yahoo.com/info/terms/
