I've been scouring the web for examples of using PHP to
access data from MYSQL. My issue is there is no real security model
mentioned accept form weborb. All requests are made via POST to a
php page, which anyone could make a page and post variables to to
get data. Am I missing something obvious here? How can i secure my
flex application and the php pages it uses to retrieve and assign
I think that i was missing something quite obvious. I was
assuming that requests were made via POST, instead of RemoteObject,
which can evoke a php class directly. Even if a user could get to
the php file via a web browser, they can't evoke a function/method
in a class. I got Weborb working beautifully to make the connection
and call the function.
As a side note, if anyone reading has had trouble getting
weborb working on an actual server for development, let me tell ya
that It's much easier to setup a local environment (like MAMP or
WAMP), get your program running and then transport it to your
Also as a side note for anyone trying to make sure weborb is
secure, AMF (but more specifically the RemoteObject) operates as a
server call, not a user call. So setting up protection (.htaccess
or the like) for the entire weborb folder won't break your scrips.
And won't let anyone go in a play with your configuration either.
(This is the case even for a non-weborb class)