3 Replies Latest reply on May 10, 2008 4:23 PM by slaingod

    Hiding webservices location

    batmitra Level 1
      Hi everybody

      Does anyone know how can i hide my webservices location?
      When we write the path on wsdl property inside mxml it can be seen by anyone who decompile my swf, so as i need to call a webservice that i use ti authenticate users i'd like it to be invisible.

      thanks
        • 1. Re: Hiding webservices location
          Mitek17 Level 1
          Even if you scramble the URL in SWF it will be visible to any sniffer, firewall etc. So for really interested ones you can't hide it.
          • 2. Re: Hiding webservices location
            batmitra Level 1
            hi
            thanks for your answer, i'll try to just encrypt my data
            • 3. Re: Hiding webservices location
              slaingod Level 1
              Keep in mind that in general, any data processed on the client is 'unsafe' by its very nature. The only place to safely process data that you wish hide is on the server which you control.

              You can obviously make it harder, but as warez cracks etc. point out, if it runs on the client, it can be cracked, decompiled, debugged, etc. In general the goal should be to store and process any data that shouldn't be visible to the client on the server side only, and to use encryption to prevent man-in-the-middle manipulation of the data.

              You can however pass data to a client that isn't secret, but you can prevent/reduce the chance that the data can be forged. A common (though not foolproof) method is to send the data (say their username or id) to the client along with an md5 or SHA1 hash of the data. Again, the hash validation must be done server side or the client can be attacked to gain the hash seed data.