Flash authentication without database
2004-02-22 - By Mark R. Jonkman
Hi Dominico
Are you using https while retrieving the password list and/or passing the
information back to the server? Otherwise you are opening a HUGE security
hole. However, passing the password list en masse is a very very very HUGE
security breach in and of itself. You are basically revealing all your
usernames and passwords to anyone who wants to sniff the stream or for that
matter anyone with a little bit of skill who is prying into your swf at
runtime. As someone already pointed out, you are far better off passing the
username and password to the server and have it do the validation there. You
may not know much PHP, but it isn't rocket scientry to look at an http post
content in PHP using loadVars to send from Flash. My gut says if you use
https and loadVars or similar you will have a far far more secure site than
if you start passing a large xml file back and forth between the user's
computer and the server.
Sincerely
Mark R. Jonkman
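
The server-side check recommended in the message above, as an added example that is not part of the original post: a PHP endpoint that receives a LoadVars POST over HTTPS and validates it against a flat file instead of a database. The field names `username`/`password`, the file path and its `user:hash` line format are assumptions made for illustration.

```php
<?php
// Added example: server-side login check for a Flash LoadVars POST.
// Assumptions (not from the original post): the POST field names, the
// credentials file path, and its "user:hash" one-account-per-line format.
const CRED_FILE = '/var/private/flash_users.txt'; // hypothetical, outside the web root

// Load "user:hash" lines; hashes are expected to come from password_hash().
function load_users(string $path): array {
    $users = [];
    foreach (file($path, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES) ?: [] as $line) {
        $parts = explode(':', $line, 2);
        if (count($parts) === 2) {
            $users[$parts[0]] = $parts[1];
        }
    }
    return $users;
}

function check_login(array $users, string $user, string $pass): bool {
    // Unknown users are verified against a dummy hash so response time
    // does not reveal which usernames exist.
    static $dummy = null;
    $dummy ??= password_hash('placeholder', PASSWORD_DEFAULT);
    $known = array_key_exists($user, $users);
    $ok = password_verify($pass, $known ? $users[$user] : $dummy);
    return $known && $ok;
}

// Refuse anything that is not an HTTPS POST, so credentials never travel in clear text.
$https = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
if (!$https || ($_SERVER['REQUEST_METHOD'] ?? '') !== 'POST') {
    http_response_code(400);
    exit('result=error');
}

// Reject array-valued fields; only plain strings are accepted.
$user = is_string($_POST['username'] ?? null) ? $_POST['username'] : '';
$pass = is_string($_POST['password'] ?? null) ? $_POST['password'] : '';
$ok = check_login(load_users(CRED_FILE), $user, $pass);

// LoadVars parses a URL-encoded name=value body, so only a result flag goes back;
// the password list itself never leaves the server.
header('Content-Type: application/x-www-form-urlencoded');
header('Cache-Control: no-store');
echo 'result=' . ($ok ? 'ok' : 'denied');
```

On the Flash side only the `result` variable is read from the reply, so nothing in the SWF or on the wire contains stored credentials.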