----- Original Message -----
From: "rmarples" <[EMAIL PROTECTED]>
To: <flexcoders@yahoogroups.com>
Sent: Wednesday, December 05, 2007 11:30 PM
Subject: [flexcoders] Re: Local storage of password

> Well the thing about this application is, I don't own the server. I'm
> using a 3rd party Internet web service (salesforce.com in this case).
> So I can't change the way the server authenticates people - actually it
> does so in a very rational way anyway. The requirement was simply to
> save the user the pain of having to type in their username and password
> every single time they hit my app since the browser auto-fill feature
> doesn't work for Flex apps. It's easy to store the username because I
> can throw it into a SharedObject because it's not sensitive, but for the
> password the salesforce.com security requirements are such that you can
> only store local passwords if you encrypt them and you can't store the
> encryption key in the code. Anyway, thanks for everybody's input but
> it's looking like this requirement just isn't going to make sense, so I
> think I will push to just have the username saved but not the password.

Why is typing in a password such a big deal? I think most users expect to have to sign in to an application, though some companies operate a single sign-on architecture where that is not required. What is the case here?

We've focussed on one small aspect of security, what is the bigger picture?

Paul

> Ryan

snip