-
1. Re: How to protect AMF gateway
Michael Borbor Apr 28, 2010 3:03 PM (in response to vepor)Create an authentication method in order to protect the access to the gateway.
-
2. Re: How to protect AMF gateway
vepor Apr 29, 2010 4:27 AM (in response to Michael Borbor)Yes, there is an authentification method:
PyAMF has a method, which evaluates the credentials sent in the HTTP headers. The credentials however are exposed to the public in the SWF when the login and password are passed to the NetConnection.addHeader() method.
After some testing, I found out, that the approach with the crossdomai.xml policy file actually prevents the access to the gateway, even from SWFs run locally, with one exception: The SWF, which i have compilled under the same windows account from which i have deployed the GAE app has still the access to the gateway, when run standalone. When i run the SWF on other accounts on the same computer, i get a SecurityErrorEvent as expected. The same happens, when i try it under the same account on a diferent computer on the network. The SWF on the developement account is apparently in the same security sandbox as the app running on appspot. How is this possible? Does it have something to do with the attributes of the file?

