 | | | Flash authentication without database | Flash authentication without database
2004-02-21 - By Jim Cheng
Back
Dominico Savio wrote:
> I have tried using Flash with XML, text file, but with the AS Viewer, they
> can lookup the file storing username and password.
> I can 't access to the htaccess or htpasswd files. :(
There 's not much you can do without a server-side solution,
as with an all-Flash solution, users can always use AS Viewer
or a similar program to look at your passwords. And even if
you were to encrypt the passwords with hashes, they can still
hack the Actionscript so that they wouldn 't have to enter a
password at all.
> PS: I am trying out this method, placing the xml file outside the root
> folder, have a PHP script to look read it and pass the data back to the
> Flash. Is this method secured enough??
That 's a great plan. The XML file should be secure from the
user trying to access it via HTTP; they 'd need to secure root
access to the machine or somehow exploit the webserver with
to read it (rather difficult).
You 'd probably want to validate the user in your PHP script
(e.g. ask for a username and password in Flash, send it over
to PHP using XML.sendAndLoad() and check the data against the
XML file before sending data back (if it fails, you can send
an error).
Regards,
Jim
=-- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- --
Supported by Fig Leaf Software
=-- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- --
Be sure to check the archives and the wiki:
http://chattyfig.figleaf.com/
=-- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- --
http://chattyfig.figleaf.com/cgi-bin/ezmlm-cgi?1:mss:104912
=-- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- --
To unsubscribe send a blank e-mail to:
Normal Mode: flashcoders-unsubscribe@(protected)
Digest Mode: flashcoders-digest-unsubscrive@(protected)
|
|
|