that's something to start with
thanx thomas
-----Original Message-----
From: A mailing list for discussion about Sun Microsystem's Java Servlet
API Technology. [mailto:[EMAIL PROTECTED]]On Behalf Of
Saumont Pierre-Yves
Sent: Thursday, 29 March 2001 16:16
To: [EMAIL PROTECTED]
Subject: Re: security
If your Flash application is downloaded from your server, it can't access
any server in any other domain than the one from which it has been
downloaded. So the problem is only for users who would copy the Flash
application on their computer and try to launch it locally. In that case,
the application can access any server in any domain.
What you can do is make the Flash application available through the servlet
and use a generated id code to identify it when it subsequently comes back
to access data through the servlet.
This solution won't solve your problem completely because one could access
the servlet to have a session created, then obtain the id code from the
client and use it in another (local) application to access your servlet
while the session is still valid. But it may be sufficient depending on the
level of security you need. The very weak point in this strategy is passing
the Id code to the Flash application. There are several ways to do this (for
example using parameters in the containing HTML code), and none is secure
because this data can be visible to the user.
Another strategy is to ask the host application (through fscommand) the url
of the document containing the Flash application and use this in the request
to the servlet.
Anyway, there is no perfect solution because one can always write an
application (not necessarily a Flash client) that will access your servlet
and simulate the Flash client.
Pierre-Yves
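
One way to implement the generated id code described in the message above, as an added example that is not part of the original post: the code is an HMAC over the session id and an expiry time, so the servlet can check it without storing it. The class name, the five-minute lifetime and the session ids are assumptions made for illustration.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;

// Hypothetical helper (not from the post): issues the id code and checks it on later requests.
public class IdCodeIssuer {
    private static final long LIFETIME_MS = 5 * 60 * 1000; // assumed validity window
    private final SecretKeySpec key;

    public IdCodeIssuer() {
        byte[] k = new byte[32];
        new SecureRandom().nextBytes(k); // server-side secret, never sent to the client
        key = new SecretKeySpec(k, "HmacSHA256");
    }

    private String mac(String sessionId, long expiry) throws Exception {
        Mac m = Mac.getInstance("HmacSHA256");
        m.init(key);
        byte[] tag = m.doFinal((sessionId + "|" + expiry).getBytes(StandardCharsets.UTF_8));
        return Base64.getUrlEncoder().withoutPadding().encodeToString(tag);
    }

    // Called when the servlet serves the page that embeds the Flash movie.
    public String issue(String sessionId, long now) throws Exception {
        long expiry = now + LIFETIME_MS;
        return expiry + "." + mac(sessionId, expiry);
    }

    // Called on every data request: rejects malformed, expired or other-session codes.
    public boolean verify(String code, String sessionId, long now) throws Exception {
        int dot = (code == null) ? -1 : code.indexOf('.');
        if (dot < 1) return false;
        long expiry;
        try { expiry = Long.parseLong(code.substring(0, dot)); }
        catch (NumberFormatException e) { return false; }
        if (now > expiry) return false;
        byte[] expected = mac(sessionId, expiry).getBytes(StandardCharsets.UTF_8);
        byte[] given = code.substring(dot + 1).getBytes(StandardCharsets.UTF_8);
        return MessageDigest.isEqual(expected, given); // constant-time comparison
    }

    public static void main(String[] args) throws Exception {
        IdCodeIssuer issuer = new IdCodeIssuer();
        long t0 = System.currentTimeMillis();
        String code = issuer.issue("SESSION-A", t0); // constructed session ids
        System.out.println(issuer.verify(code, "SESSION-A", t0 + 1000));            // same session
        System.out.println(issuer.verify(code, "SESSION-B", t0 + 1000));            // other session
        System.out.println(issuer.verify(code, "SESSION-A", t0 + LIFETIME_MS + 1)); // after expiry
    }
}
```

As the message points out, any client that holds both the session and the code still passes this check, so it shortens the window in which a copied code is useful rather than authenticating the Flash client.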