2 Replies Latest reply on Aug 17, 2010 3:16 PM by Zotilrak

    Security between flex+air and webservice

    Zotilrak

      Hello people.

       

      My name is Carlos. I hope that I can find the solution here and give solutions to others when I can .

       

      My problem is following...

       

      I got a problem programming my application, it will be one version in flex for web and another for desktop (air). Both have to comunicate to one webservice/server (actually xmlrpc server written in python) but I don't know how to validate in the xmlrpc server that the query is coming from my flex application.

       

      I was thinking in creating a dinamic hash in the flex app and send to the server to check if its is a correct syntax to give permission to send a query, but in any case, I have to have a constant to make this hash and know how to manipulate on server side.

       

      The point is the constant. If I have a constant inside of the flex app, anyone can decompile my app and know what is this constant, simulate the app query and steal my info.

       

      I don't know if there are one way to do it, but I am exploding my brain trying to get a solution for this.

       

      I am open to use other server type than xmlrpc, but I have to secure the info that is getting my flex app.

       

      Please any suggestion are welcome.

       

      Thank you very much.