I ask because security is not only a concern for my personal project, but also my employment responsibilities for my summer internship, so I want to hear how others deal with this issue. If you can help, I'd really appreciate the information.
--- In flexcoders@yahoogroups.com, "kenny14390" <[EMAIL PROTECTED]> wrote: > > I've been using the following method for accessing databases in Flex: > > -HTTPService component connects to a PHP page on the same server and > sends any appropriate data values via the POST or GET method. > > -PHP page sets up a MySQL connection and performs the necessary > operations. > > -PHP writes any appropriate output values to the page in XML format. > > -HTTPService component follows up with the result by calling an > appropriate ActionScript function, passing in the ResultEvent for easy > XML parsing. > > This method works for me, but is there an easier way? More > importantly, is there a SECURER way? I fear that having these PHP > files is not only redundant but it also poses a security risk for SQL > injections or a sniffing man-in-the-middle attack. The data I'm > sending back and forth is not all that important compared to banking > information or something, but I'm still worried about security and it > would be good to know the proper way to do a task like this. > > Is this the only way to connect to a database? Is there a more secure > way? Thanks! >
