So, all I need do is decompile the login code then I and my friends can jump straight to the main page, home
So are you suggesting a login system using something (PHP or ASP.Net) other than Flex? Please elaborate...
Flex is no different to many other technologies on the client - if you validate a login on the client it is amenable to hacking. Validate the login on the server and take care to know that what is communicating with the server afterwards is the same thing that passed login validation. You need some kind of session tracking.
Would you mind giving some insight/sample on how session tracking can be done in Flex and PHP? I assume PHP will handle the start/stop session and write to DB. On the client side, Flex will store the session info in the SharedObject??
I currently have three projects on the go, so I can't really spend much time on this. It can be a bit of a minefield for some circumstances, but this link should be a good start
Personally I would probably favour using the baton token concept where upon login a token (baton) is passed back to the Flex application and whenever the system requests data, the baton token is also passed and the request verified as a logged in user by the PHP backend.
Naturally, it all depends on how secure your application needs to be to decide exactly what measures will suit. Data passed between client and server and back can be intercepted if a secure protocol is not used.
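A sketch of the baton token flow described in the post above, added here as an illustration and not code from anyone in this thread: the PHP backend validates the login, issues a random baton, and checks it on every data request. The function names, the 900-second timeout and the in-memory arrays standing in for database tables are all assumptions.

```php
<?php
declare(strict_types=1);

// Constructed stand-ins for database tables, so the example runs offline.
$users  = ['alice' => password_hash('correct horse', PASSWORD_DEFAULT)];
$batons = [];          // sha256(baton) => ['user' => ..., 'expires' => ...]
const BATON_TTL = 900; // seconds of inactivity allowed (assumed value)

/** Validate credentials on the server; return a fresh baton, or null on failure. */
function login(string $user, string $password, array $users, array &$batons, int $now): ?string
{
    if (!isset($users[$user]) || !password_verify($password, $users[$user])) {
        return null;
    }
    $token = bin2hex(random_bytes(32)); // 256-bit unguessable value
    // Keep only a hash server-side, so a leaked table yields no usable batons.
    $batons[hash('sha256', $token)] = ['user' => $user, 'expires' => $now + BATON_TTL];
    return $token; // passed back to the Flex client
}

/** Run on every data request: returns the user name, or null if not logged in. */
function verifyBaton(string $token, array &$batons, int $now): ?string
{
    $key = hash('sha256', $token);
    $row = $batons[$key] ?? null;
    if ($row === null) {
        return null; // unknown or forged baton
    }
    if ($row['expires'] <= $now) {
        unset($batons[$key]); // expired: drop it
        return null;
    }
    $batons[$key]['expires'] = $now + BATON_TTL; // sliding expiry
    return $row['user'];
}

/** Invalidate the baton on logout. */
function logout(string $token, array &$batons): void
{
    unset($batons[hash('sha256', $token)]);
}

// Constructed walk-through of the checks the backend performs.
$now   = time();
$baton = login('alice', 'correct horse', $users, $batons, $now);
var_dump(verifyBaton($baton, $batons, $now + 60));              // real baton
var_dump(verifyBaton(str_repeat('0', 64), $batons, $now + 60)); // guessed baton
var_dump(verifyBaton($baton, $batons, $now + 60 + BATON_TTL));  // after the timeout
logout($baton, $batons);
```

The baton only proves anything if it travels over HTTPS; on plain HTTP it can be intercepted and replayed like any other data.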
The link was very useful and I really appreciate your insights.