Thanks again for your help Ray and Peter.. I am actually a little lost. All I want is to guarantee that the user name and password that will go from Flex HTTPService to my JSP web-service will not be intercepted. And I'm also lost about how will I maintain the session with the HTTPService. Cookies dont seem to be possible, URL rewriting is possible mas I'll have to see how will I do that. At the moment of the login, my service will have to pass me a key or something like that. (as someone already mentioned) That I will use along with the other services... I'm lost. lol
On 05 Apr 2007 14:23:58 -0700, Peter Farland <[EMAIL PROTECTED]> wrote:
HTTPService has a url property so if you start your URL with https:// then that tells the Flash Player that you want to use SSL to communicate with the web server. Note that to make an HTTPS connection you must load your SWF via a secure URL too. If you're even asking the question "what are the chances of my data being intercepted" then I think you've just made the decision to use SSL. If you're building a commercial application that has personalized data then you will want to use a secure protocol like HTTPS. For a quick and simple explanation of how SSL works see Richard E. Smith's book "Authentication - From Passwords to Public Keys" - Chapter 13.6. ________________________________ From: flexcoders@yahoogroups.com <flexcoders%40yahoogroups.com> [mailto: flexcoders@yahoogroups.com <flexcoders%40yahoogroups.com>] On Behalf Of André Rodrigues Pena Sent: Thursday, April 05, 2007 4:55 PM To: flexcoders@yahoogroups.com <flexcoders%40yahoogroups.com> Subject: Re: [flexcoders] Re: User authentication Guys.. I appreciate all your help. I could realize how many possibilities there are regarding authentication. My question now is: How can I secure my HTTPService? Is there some HTTPSService? What do I do to work with SSL? Or even.. if I send user name and password through an unprotected HTTPService. What are the chances of my data to be intercepted?
-- André Rodrigues Pena LOCUS www.locus.com.br Blog www.techbreak.org
