1 Reply Latest reply on Dec 12, 2006 4:10 PM by PabIo

    Flash -> ASP -> REFERER Alternative

      If I'm sending from Flash valuable information via POST

      // Pass the info to the ASP page
      goGetResult = new LoadVars();
      goGetResult.sCreditCardNumber = sCrediCardNumber;
      goGetResult.nUserID = _global.nUserID;
      goGetResult.onLoad = CheckResult;
      ASSetPropFlags( goGetResult, ["onLoad"], 1 );
      goGetResult.sendAndLoad( "StoreCreditCardInfo.asp", goGetResult, "POST" );

      Seeing Flash doesn't send HTTP information, more specifically ....REFERER.
      How can I ensure that nobody parachutes into my StoreCreditCardInfo.asp page?

      I'd like to check in ASP if the HTTP_REFERER matches the HTTP_HOST, but this is obviously not possible.

      Has anyone found a more secure way of talking between flash and a server side language?


      //// IGNORE BELOW ///
        • 1. Re: Flash -> ASP -> REFERER Alternative
          As far as i know (not too much, i hope i can help) the referer can be modified, so this wouldnt give you any true security. Anyway, what's the proble with people using this asp? I think that the only thing you should be concerned about is to secure the data you transfer from flash to the ASP. If you are dealing with credit cards make sure you are using https.