Re: [flexcoders] Re: Securely Interfacing Between Flex and Databases

2008-05-23 Thread Tom Chiverton
On Wednesday 21 May 2008, Battershall, Jeff wrote:
> Yes, but we're talking on YOUR network where you have WebScarab or other such tool installed. It's not as though ALL your bank's transactions, regardless of intended recipient, are now visible to you.
No, of course not. The OP asked "/i/ ca

[flexcoders] Re: Securely Interfacing Between Flex and Databases

2008-05-21 Thread Doug Lowder
Kenny, are you saying you want to implement security *within* your Flex app? I think you'd have serious security holes with that (your decompilation concern, for one). Typically security would be handled at the client-server level, by hosting your SWF on a server that has been configured to a

RE: [flexcoders] Re: Securely Interfacing Between Flex and Databases

2008-05-21 Thread Battershall, Jeff
L PROTECTED] On Behalf Of Tom Chiverton
Sent: Wednesday, May 21, 2008 4:41 AM
To: flexcoders@yahoogroups.com
Subject: Re: [flexcoders] Re: Securely Interfacing Between Flex and Databases
On Tuesday 20 May 2008, David Pariente wrote:
> So u mean i can easily see the data of my bank transfers just usi

Re: [flexcoders] Re: Securely Interfacing Between Flex and Databases

2008-05-21 Thread Tom Chiverton
On Tuesday 20 May 2008, David Pariente wrote:
> So u mean i can easily see the data of my bank transfers just using an SSL proxy, like WebScarab
Yes, exactly.
--
Tom Chiverton
This email is sent for and on behalf of Halliwells LLP. Ha

Re: [flexcoders] Re: Securely Interfacing Between Flex and Databases

2008-05-20 Thread Josh McDonald
If your encryption can be broken just because somebody has the source to your algorithm, then it's worthless already =) That's why we've got standard algorithms that rely on keys in the first place.
-J
On Wed, May 21, 2008 at 2:25 PM, kenny14390 <[EMAIL PROTECTED]> wrote:
> So the bottom line

[flexcoders] Re: Securely Interfacing Between Flex and Databases

2008-05-20 Thread kenny14390
So the bottom line is to use an algorithm like RSA? To take a much simpler example, if the Flex app receives the encrypted data "1234" and it wishes to use that data, it must first decrypt it. So it performs the decryption in some AS and now you have the decrypted data that you wanted. My question

Re: [flexcoders] Re: Securely Interfacing Between Flex and Databases

2008-05-20 Thread Aaron Miller
On Tue, May 20, 2008 at 4:54 PM, Aaron Miller <[EMAIL PROTECTED]> wrote:
> Are you using any kind of token based authentication to serve the data? All the SSL in the world wouldn't stop someone from just sending POST or GET vars to your php scripts and getting the data back in nice pretty XML

[flexcoders] Re: Securely Interfacing Between Flex and Databases

2008-05-20 Thread andrewwestberg
I think you're confusing simple secret key encryption (DES, AES, etc..) with public/private key encryption (RSA). In secret-key encryption if an attacker steals the data and guesses or brute forces the secret key, they can see the data. In public/private key encryption, a message you send to the

Re: [flexcoders] Re: Securely Interfacing Between Flex and Databases

2008-05-20 Thread David Pariente
curely Interfacing Between Flex and Databases
On Tuesday 20 May 2008, David Pariente wrote:
> when using SSL, maybe u could guess what kind of data is sent or received, but u would never be able to see actual data.
This is a common mistake. It is perfectly possible to configure an SSL* proxy,

Re: [flexcoders] Re: Securely Interfacing Between Flex and Databases

2008-05-20 Thread Tom Chiverton
On Tuesday 20 May 2008, David Pariente wrote:
> when using SSL, maybe u could guess what kind of data is sent or received, but u would never be able to see actual data.
This is a common mistake. It is perfectly possible to configure an SSL* proxy, like WebScarab, and use it to inspect/modify

Re: [flexcoders] Re: Securely Interfacing Between Flex and Databases

2008-05-20 Thread Douglas Knudsen
What the heck did you use before Flex that was so uber secure? This is the world wide web here we are discussing, eh?
DK
On Mon, May 19, 2008 at 8:43 PM, kenny14390 <[EMAIL PROTECTED]> wrote:
> Well the concern is that no matter how you choose to encrypt/decrypt information, a Flash movie c

Re: [flexcoders] Re: Securely Interfacing Between Flex and Databases

2008-05-20 Thread David Pariente
original
From: kenny14390 <[EMAIL PROTECTED]>
To: flexcoders@yahoogroups.com
Sent: Tuesday, 20 May 2008 4:43:39
Subject: [flexcoders] Re: Securely Interfacing Between Flex and Databases
Well the concern is that no matter how you choose to encrypt/decrypt information, a Flash movie can

RE: [flexcoders] Re: Securely Interfacing Between Flex and Databases

2008-05-20 Thread Battershall, Jeff
s.com [mailto:[EMAIL PROTECTED] On Behalf Of kenny14390
Sent: Monday, May 19, 2008 10:44 PM
To: flexcoders@yahoogroups.com
Subject: [flexcoders] Re: Securely Interfacing Between Flex and Databases
Well the concern is that no matter how you choose to encrypt/decrypt information, a Flash movie can always be

[flexcoders] Re: Securely Interfacing Between Flex and Databases

2008-05-19 Thread kenny14390
Well the concern is that no matter how you choose to encrypt/decrypt information, a Flash movie can always be decompiled and your decryption method is caught with its pants down, allowing users to find out how to view sensitive material that they're not supposed to be looking at. So how are we supp

[flexcoders] Re: Securely Interfacing Between Flex and Databases

2008-05-18 Thread andrewwestberg
Simply having SSL (https) enabled on your php webserver will help. Another methodology for accessing DB data is using AMFPHP (although I haven't used it myself). -Andrew

[flexcoders] Re: Securely Interfacing Between Flex and Databases

2008-05-18 Thread kenny14390
I ask because security is not only a concern for my personal project, but also my employment responsibilities for my summer internship, so I want to hear how others deal with this issue. If you can help, I'd really appreciate the information.
--- In flexcoders@yahoogroups.com, "kenny14390" <[EMAIL