I have a working application that pulls data from a server and then populates the local sql lite database on the users mobile phone. How do I set it up so that http service call is secure.
Currently the file I am accessing is an xml file on my company server in the public directory.
The simple answer is to use https: in the URL for the http service. Since the mobile AIR app will not be loaded from the domain it is accessing, the server needs a 'secure="false"' entry in the crossdomain.xml. Seems backwards, but secure="false" allows https access from non https domains, secure="true" (default) only allows https access if the SWF was loaded via https.
Thanks for the help. I am very new to this and appreciate the help, I just want to make sure so I dont get fired.LOL
I set the code to use https in the URL and ran the application, it works both with(https) and without (http). I assume that when it pulls using https, it uses the cert in the server and sends that data securely.
I also was able to run this without and with the crossdomain.xml file on the server, do I need the crossdomain.xml file?
Do you know what is a best practice for securing the file on the server? Do I put the files in a directory that is password protected and then is there a way to add a password to the httpservice call in the application as part of my action script?