2 Replies Latest reply on Aug 17, 2010 3:16 PM by Zotilrak

    Security between flex+air and webservice


      Hello people.


      My name is Carlos. I hope that I can find the solution here and give solutions to others when I can .


      My problem is following...


      I got a problem programming my application, it will be one version in flex for web and another for desktop (air). Both have to comunicate to one webservice/server (actually xmlrpc server written in python) but I don't know how to validate in the xmlrpc server that the query is coming from my flex application.


      I was thinking in creating a dinamic hash in the flex app and send to the server to check if its is a correct syntax to give permission to send a query, but in any case, I have to have a constant to make this hash and know how to manipulate on server side.


      The point is the constant. If I have a constant inside of the flex app, anyone can decompile my app and know what is this constant, simulate the app query and steal my info.


      I don't know if there are one way to do it, but I am exploding my brain trying to get a solution for this.


      I am open to use other server type than xmlrpc, but I have to secure the info that is getting my flex app.


      Please any suggestion are welcome.


      Thank you very much.