2 Replies Latest reply on Oct 25, 2011 2:57 PM by ReelMania1

    Secure http service call

    ReelMania1

      I have a working application that pulls data from a server and then populates the local sql lite database on the users mobile phone. How do I set it up so that http service call is secure.

      Currently the file I am accessing is an xml file on my company server in the public directory.

        • 1. Re: Secure http service call
          oldMster Level 3

          The simple answer is to use https: in the URL for the http service.  Since the mobile AIR app will not be loaded from the domain it is accessing, the server needs a 'secure="false"' entry in the crossdomain.xml.  Seems backwards, but secure="false" allows https access from non https domains, secure="true" (default) only allows https access if the SWF was loaded via https.

           

          Mark

          1 person found this helpful
          • 2. Re: Secure http service call
            ReelMania1 Level 1

            Mark,

            Thanks for the help. I am very new to this and appreciate the help, I just want to make sure so I dont get fired.LOL

             

            I set the code to use https in the URL and ran the application, it works both with(https) and without (http). I assume that when it pulls using https, it uses the cert in the server and sends that data securely.

             

            I also was able to run this without and with the crossdomain.xml file on the server, do I need the crossdomain.xml file?

             

            Do you know what is a best practice for securing the file on the server? Do I put the files in a directory that is password protected and then is there a way to add a password to the httpservice call in the application as part of my action script?

             

            Thanks