2 Replies Latest reply on Aug 3, 2007 7:41 AM by banner_ogdenmd

    Am I missing something?

    dimpled Level 1
      I've been scouring the web for examples of using PHP to access data from MySQL. My issue is that there is no real security model mentioned except from WebORB. All requests are made via POST to a PHP page, to which anyone could make a page and post variables to get data. Am I missing something obvious here? How can I secure my Flex application and the PHP pages it uses to retrieve and assign data?
        • 1. Am I missing something?
          dimpled Level 1
          I think that I was missing something quite obvious. I was assuming that requests were made via POST, instead of RemoteObject, which can invoke a PHP class directly. Even if a user could get to the PHP file via a web browser, they can't invoke a function/method in a class. I got WebORB working beautifully to make the connection and call the function.

          As a side note, if anyone reading has had trouble getting WebORB working on an actual server for development, let me tell ya that it's much easier to set up a local environment (like MAMP or WAMP), get your program running and then transport it to your server.

          Also, as a side note for anyone trying to make sure WebORB is secure: AMF (but more specifically the RemoteObject) operates as a server call, not a user call. So setting up protection (.htaccess or the like) for the entire WebORB folder won't break your scripts, and won't let anyone go in and play with your configuration either. (This is the case even for a non-WebORB class.)
          • 2. Re: Am I missing something?
            Take a look at the "crossdomain" policy file; this allows you to specify which domains can access information on your site using Flex applications. An example is at