I was also researching AMFPHP and I found in AMFPHP's authentication documentation that they recommend having the user authenticate themselves via textfields from Flex and pass these credentials on to PHP service. Also, sending the information encrypted via the use of SSL/TLS should also help lock down security. Those were my thoughts anyway... :)
-----Original Message----- From: flexcoders@yahoogroups.com [mailto:[EMAIL PROTECTED] On Behalf Of Kevin Sent: Tuesday, January 16, 2007 11:09 PM To: flexcoders@yahoogroups.com Subject: [flexcoders] AMFPHP & Security Is there any good information available on how to properly secure AMFPHP/Flex. It seems like a simple decompile of the swf file can expose a wealth of information which could allow a hacker to easily connect to the gateway and call any number of methods. Is there any information on available on how to lock down an AMFPHP/flex app properly? I have seen some discussions on the boad regarding FDS security, but not AMFPHP. Is AMFPHP inherently less secure OR more secure than any other data service technology. The app I am building requires as high a level of security as I can reasonably enable. Thanks, Kevin