I have a Flex (swf) application which communicates with my backend server (via HTTP requests).
It's really important for me that no one will write their own application (or modify mine) to contact the server.
How can I avoid this situation?
I believe that any security inside a Flex application can be easily reverse engineered - is it true?
Decompiling the application is OK - I just don't want other versions to be able to contact my server.
The swf will be downloaded from my site (single URL), but will be embedded on many sites (I have the full list).
Do you have any advice?
Thanks a lot.
There is no way of stopping people trying to create apps that try to connect to your server.
You can write a license that makes it illegal, but it doesn't mean they won't do that.
Anyone can contact the server. It doesn't take a special application. Simple monitoring of the requests will reveal the endpoint.
It is the server side that is almost entirely responsible for your application security. You must configure it to accept only certain connections and to manage all the fun user stuff.
You're right about the swf files being easily reverse engineered, so don't place anything sensitive in there. Then again, this shouldn't be a problem since the server should be doing the work.
Check out the LiveDocs on security:
They are very Java-centric in the documentation, but the same approach can of course be applied to any other technologies.
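A sketch of what "the server does the work" can look like, added here as an example and not part of the original answers: the server authenticates the user rather than the swf, issues an expiring HMAC-signed token, and validates every request itself, so the secret never ships in the client. The `submit_score` endpoint, the user table and the score range are hypothetical, and the sample credentials are constructed.

```python
import hashlib
import hmac
import secrets
import time

SERVER_KEY = secrets.token_bytes(32)  # lives only on the server, never in the swf
TOKEN_TTL = 900                       # seconds a session token stays valid
# Constructed sample data: user -> (salt, PBKDF2 password hash), and per-user totals.
_SALT = secrets.token_bytes(16)
USERS = {"alice": (_SALT, hashlib.pbkdf2_hmac("sha256", b"correct horse", _SALT, 100_000))}
SCORES = {"alice": 0}

def _sign(payload):
    return hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()

def login(user, password, now=None):
    """Check credentials server-side; return 'user|expiry|signature' or None."""
    salt, expected = USERS.get(user, (_SALT, b""))  # unknown users do the same work
    actual = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    if not hmac.compare_digest(actual, expected):
        return None
    expires = int((time.time() if now is None else now) + TOKEN_TTL)
    payload = f"{user}|{expires}"
    return f"{payload}|{_sign(payload)}"

def authenticate(token, now=None):
    """Return the user name for a valid, unexpired token, else None."""
    try:
        user, expires, sig = token.split("|")
        expiry = int(expires)
    except (AttributeError, ValueError):
        return None  # malformed token
    if not hmac.compare_digest(sig.encode(), _sign(f"{user}|{expires}").encode()):
        return None  # forged or tampered token
    if (time.time() if now is None else now) >= expiry:
        return None  # expired token
    return user

def submit_score(token, points, now=None):
    """Hypothetical request handler: the server decides what is allowed."""
    user = authenticate(token, now)
    if user is None:
        return 401, "not authenticated"
    if type(points) is not int or not 0 <= points <= 100:
        return 400, "rejected by server-side validation"
    SCORES[user] += points
    return 200, f"total {SCORES[user]}"
```

A hand-written client that logs in with valid credentials is still accepted here; what the server controls is who is calling and which values it will take, not which program sent the request.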