Hi, we are building an enterprise application using Flex. One module of the application will be accessible on the internet so users can access some data from the main system, without requiring a login.
This module communicates with a web-service. It is already finished and working fine, but the client needs to make sure that the web-service is only accessible to our specific Flash client. Other clients should not be able to request data from the web-service, since it might compromise the business behind it. If there isn't a "perfect" solution, our client is not worried with the fact that SWF's can be decompiled, so there is a possibility to have something like a "key" hard-coded on the flash module, and a way to use encription to respond to a challenge made by the server - avoiding at least man on the middle attacks, i guess. Some years ago i have studied a bit of public key infrastructures, but never applied it on a project. I am far from being expert on security, but this is really important, since without a rather reasonable solution a big part of the project will be useless. What solutions do you propose? Does Flex have some kind of tools to solve this problems? Thanks, João Saleiro www.riapt.org www.webfuel.pt _______________________________________________ osflash mailing list [email protected] http://osflash.org/mailman/listinfo/osflash_osflash.org
