The only possible solution which is close to your needs is implementing a custom encryption. Since Flash movies can be decompiled the encryption algorithm is also accessible for experts, but if you obfuscate it well, maybe it will not worth decompiling and deobfuscating (it depends on the potential profit, which can be gained by "hacking" your webservices, of course).
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= From: João Saleiro <[EMAIL PROTECTED]> To: Open Source Flash Mailing List <[email protected]> Date: Friday, December 21, 2007, 5:17:50 PM Subject: [osflash] Solutions to provide a secure access to a Web-Service using Flex --====----====----====----====----====----====----====----====----====----===-- Hi, we are building an enterprise application using Flex. One module of the application will be accessible on the internet so users can access some data from the main system, without requiring a login. This module communicates with a web-service. It is already finished and working fine, but the client needs to make sure that the web-service is only accessible to our specific Flash client. Other clients should not be able to request data from the web-service, since it might compromise the business behind it. If there isn't a "perfect" solution, our client is not worried with the fact that SWF's can be decompiled, so there is a possibility to have something like a "key" hard-coded on the flash module, and a way to use encription to respond to a challenge made by the server - avoiding at least man on the middle attacks, i guess. Some years ago i have studied a bit of public key infrastructures, but never applied it on a project. I am far from being expert on security, but this is really important, since without a rather reasonable solution a big part of the project will be useless. What solutions do you propose? Does Flex have some kind of tools to solve this problems? Thanks, João Saleiro www.riapt.org www.webfuel.pt _______________________________________________ osflash mailing list [email protected] http://osflash.org/mailman/listinfo/osflash_osflash.org =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= _______________________________________________ osflash mailing list [email protected] http://osflash.org/mailman/listinfo/osflash_osflash.org
