Hok's Macromedia Flash Blog

macromedia flash actionscript scripting, php, remoting, webservices, c#, javascript

SharpFlash : Extending Flash on the Desktop

I have just seen a really interesting project. It's a project
by Darron Schall and you can find it here.

It can extend your desktop Flash application with system functionality,
such as storing files etc. Darron uses WDDX to let Flash and C# communicate
with each other, so your data types will not get lost in the communication.

Posted by hOk at December 29, 2003 04:06 PM

Questionable: FlashCom-Hosting today?

I have just asked myself which provider for Macromedia Flash Communication
Server would be a good choice. I found several FlashCom providers by
searching Google:

http://media3.net/
http://www.mediatemple.net/
http://www.influxis.com/
http://www.flashcomhosting.com/
http://www.uvault.com/
http://www.moremx.com/

The prices for web space that supports FlashCom range between
$10 and $600, and the features scale accordingly. So if you take a
cheap one, you will have insufficient bandwidth and too few maximum simultaneous
connections to build a rich internet application with realtime streaming
sound and video for many people.
Ok, we could pay more and would get more, but is the price worth it at the
moment?

Posted by hOk at December 29, 2003 03:33 PM

Security: Signed-Server-Operations
using Macromedia Flash Remoting with AMFPHP


Abstract

Internet applications in which users have to be logged in before they are allowed
to perform operations have to be secured against unauthorized persons.
Therefore the server has to examine whether a client is authorized before the
query is executed.
Whoever has an SSL server available has no problem as far as security is
concerned: the whole server-client communication is encrypted and safe.
In contrast, the signed operations presented here are transferred unencrypted;
they only guarantee that the operation can be executed only by an authorized
client. These are to be introduced here.

Safety aspects

  • Identity of the sender
    Identity check, authentication

  • Preventing monitoring (eavesdropping)
    This is not possible with the procedure presented here, because we only
    use non-decodable hash codes and do not encrypt the message itself

  • Authenticity
    This is guaranteed by our hash codes

  • Replaying of messages
    Prevented by our operation keys, which are annulled after use


Message + Signature = Authenticity


Signature

The authorized client can sign its message. Nobody else can do that,
since nobody else has the appropriate password. We therefore use the password
and user name as keys or seals.


Security of the password

The password is insecure as soon as it is transferred in plain text.
We can protect it by transforming it into a hash code with a one-way hash
algorithm (e.g. MD5 or SHA1). But if we now transfer that hash code, our
attacker only needs this hash code to log in himself and/or execute a critical
operation.
That is a problem, and it can be solved by the operation key.


Operation-Key

Before the client can call an operation on the server, he must retrieve an
operation key.
This consists of a random, not guessable character string. It is valid
for only one operation and must be sent along with the call of that operation.
This operation key is stored in a session, so that each user always has
his own operation key.

Signature = md5(Message + operationKey + password + username)


Validating

To examine the correctness of the received data, the server builds MD5 hashes
from the sent message, the current operation key and the passwords from the
user database.
If none of these hashes agrees with the transmitted signature, the desired
operation is not executed.
If it finds the matching MD5 hash, we have guaranteed that the operation was
neither manipulated nor forbidden.


MySQL query that tries to find a user whose hash matches the client's checksum:
SELECT * FROM `$dbTable`
WHERE MD5(CONCAT(`$dbColUser`, `$dbColPassword`, '$operationKey', '$callString')) = '$checksumClient'
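The complete exchange described above (operation key, signature, validation, one-time use), as an added Python example that is not part of the original post or of AMFPHP: the user table and session store are constructed in memory, and the hash is built in the concatenation order of the MySQL query above (user, password, operation key, call string), which the client must use exactly as the server does.

```python
import hashlib
import hmac
import secrets

# Constructed user table standing in for the MySQL table the post queries
USERS = {"alice": "s3cret", "bob": "hunter2"}

def signature(user, password, op_key, call_string):
    # Concatenation order of the post's MySQL query: user, password,
    # operation key, call string. Client and server must use the same order.
    data = (user + password + op_key + call_string).encode()
    return hashlib.md5(data).hexdigest()

class Server:
    def __init__(self, users):
        self.users = users
        self.sessions = {}  # session id -> current operation key, or None

    def get_operation_key(self, session_id):
        # Random, not guessable, valid for exactly one operation
        key = secrets.token_hex(16)
        self.sessions[session_id] = key
        return key

    def call(self, session_id, call_string, checksum_client):
        key = self.sessions.get(session_id)
        if key is None:
            return "rejected: no valid operation key"
        # Like the SELECT in the post: look for a user whose hash matches
        for user, password in self.users.items():
            expected = signature(user, password, key, call_string)
            if hmac.compare_digest(expected, checksum_client):
                self.sessions[session_id] = None  # one-time key: annul it
                return f"ok: {user} runs {call_string}"
        return "rejected: signature mismatch"

def exchange():
    """Client/server exchange: valid call, replay of it, manipulated copy."""
    server = Server(USERS)
    op_key = server.get_operation_key("sess-1")
    msg = "deleteFile:report.txt"
    sig = signature("alice", "s3cret", op_key, msg)
    first = server.call("sess-1", msg, sig)     # accepted, key annulled
    replay = server.call("sess-1", msg, sig)    # same data again: rejected
    op_key = server.get_operation_key("sess-1")
    sig = signature("alice", "s3cret", op_key, msg)
    tampered = server.call("sess-1", "deleteFile:other.txt", sig)  # msg changed in transit
    return first, replay, tampered
```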

Posted by hOk at December 27, 2003 05:35 PM

New Place