October 17, 2006
Question

need help with connection string

i keep reading that it is not secure to hard code the connection string to the server into my swf. so how can i get the string into my swf without anyone else being able to get it. where do i put it and how do i then get it into the swf at runtime?

thanx.

    1 reply

    October 17, 2006
    In the end, the connection data will be visible to the client... it's just a matter of how hard one has to look for it. You could make a loadVars or remoting call on the client side to get the data (as opposed to hardcoding it into your .swf), but you're really just making it harder to find, rather than hiding it. In the end, if you pass the data to the client, it can be found.

    A better way of thinking is to secure your applications on the server side. That way, it doesn't matter if someone knows where your applications are.
    October 18, 2006
    thanks for the reply jay, i was under the impression that there was a sure fire way of hiding it and if somebody got it they could wreak serious havoc over an application.

    i just have another question to follow on from your reply, though this may be beyond the scope of these forums perhaps you could point me in the right direction:

    is it possible to set the files of an application so that when they are on the server they can only be accessed and used by a swf that has come from the same domain. i'm thinking like so the only thing that is accessible on the server is the main swf and then that swf can load everything it needs from the server because it is in the domain sandbox. but anything, or anybody that has not come from that domain cannot access anything except the main swf.

    so if you had an xml configuration file for an application on the server and someone typed in www.mydomain.com/config.xml they would be denied access to it, but when the swf is loaded into the browser from www.mydomain.com it will be able to load the config.xml. and the same would go for all things like CFCs and DLLs which access a database etc. etc.
    October 18, 2006
    quote:

    Originally posted by: doof moof
    i was under the impression that there was a sure fire way of hiding it and if somebody got it they could wreak serious havoc over an application.


    Unless the application is built so badly that there are open doors to the file system, I wouldn't worry so much about havoc. What I would worry about is abuse of your FMS license and server resources. If your app isn't properly secured on the server side, it's very easy to connect to it and start publishing streams over it (as in leeching connections and bandwidth).


    is it possible to set the files of an application so that when they are on the server they can only be accessed and used by a swf that has come from the same domain. i'm thinking like so the only thing that is accessible on the server is the main swf and then that swf can load everything it needs from the server because it is in the domain sandbox. but anything, or anybody that has not come from that domain cannot access anything except the main swf.


    Sure... that can be done. You can do it on the server level (by setting permissions on those files directly), or you can proxy your files through an application server script, and have the app server verify the referrer. If you want some examples, have a look at some of the hotlink prevention scripts out there.... it's the same principle really.
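
The referrer-checking proxy described in the last reply, as an added example that is not code from the thread or from any product it mentions. The WSGI app, the `PROTECTED` table and all function names are hypothetical; it assumes the client sends a Referer header naming a page or SWF on www.mydomain.com, and because that header is client-supplied the check deters direct requests and hotlinking rather than replacing server-side authorization.

```python
# Added example: serve protected files only when the Referer host matches.
import posixpath
from urllib.parse import urlsplit

ALLOWED_HOSTS = {"www.mydomain.com"}   # host name used in the thread
# Constructed sample content standing in for the real file on disk.
PROTECTED = {"config.xml": b"<config><!-- constructed sample --></config>"}

def referrer_allowed(referer):
    """True only when the Referer header parses to an allowed host."""
    if not referer:
        return False                   # a typed-in URL carries no Referer
    try:
        parts = urlsplit(referer)
    except ValueError:                 # malformed header value
        return False
    if parts.scheme not in ("http", "https"):
        return False
    # Compare the parsed host exactly. A substring test would also accept
    # "www.mydomain.com.example.net" or "?ref=www.mydomain.com".
    return (parts.hostname or "").lower() in ALLOWED_HOSTS

def resolve(path):
    """Map a request path to a protected name; anything else is rejected."""
    name = posixpath.normpath(path).lstrip("/")
    return name if name in PROTECTED else None

def app(environ, start_response):
    """WSGI entry point: 404 for unknown names, 403 for foreign referrers."""
    name = resolve(environ.get("PATH_INFO", ""))
    if name is None:
        start_response("404 Not Found", [("Content-Type", "text/plain")])
        return [b"not found"]
    if not referrer_allowed(environ.get("HTTP_REFERER")):
        start_response("403 Forbidden", [("Content-Type", "text/plain")])
        return [b"forbidden"]
    start_response("200 OK", [("Content-Type", "application/xml")])
    return [PROTECTED[name]]

def request(path, referer=None):
    """Drive the app in-process and return (status, body)."""
    seen = {}
    env = {"PATH_INFO": path}
    if referer is not None:
        env["HTTP_REFERER"] = referer
    body = b"".join(app(env, lambda status, headers: seen.update(status=status)))
    return seen["status"], body
```

The protected files have to live outside the web root (or be denied by file permissions) so that the proxy is the only path to them.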