Flash, parameters, security

Posted by Quandary on Stack Overflow See other posts from Stack Overflow or by Quandary
Published on 2010-05-21T06:08:53Z Indexed on 2010/05/21 6:10 UTC
Read the original article Hit count: 428

Filed under:

flash

|

as3

|

ASP.NET

|

security

|

web-security

Hi, I have a question:

In Flash, I have the ability to save certain info onto the server. Now the problem is the user needs to be authenticated as admin in order to do so.

I can't use sessions, since if you work longer than 20 minutes in the Flash application, the session is gone.

The way I see it, I have 2 possibilities: 1. passing a parameter (bIsAdmin) to Flash from the Website. 2. Launch a http-get request, to get this value (bIsAdmin) from an ashx handler on application startup, when the session has not yet exired.

In my opinion, both possibilities are not really secure... So, Which one is safer, 1 or 2? Or does anybody have a better idea ?

In my opinion, 1 is safer, because with 2, you can just switch a packet tamperer in between, and bang, you're admin, with permission to save (or overwrite, =delete) anything.

© Stack Overflow or respective owner

Related posts about flash

Flash Player error logs on Mac OS X

as seen on Super User - Search for 'Super User'
I'm on Mac OS X 10.5.8 running Flash Player 10,0,32,18. Flash Player is dumping giant amounts of error logging into the system log (stuff like "bit length overflow" and "code 0 bits 6-7"). Here's a tiny sampling: Oct 14 13:09:41 thorst-2 [0x0-0x58058].com.adobe.flash-10.0[2416]: bit length overflow Oct… >>> More
phablet-flash aborting while installing Ubuntu Touch on Nexus 4

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
I have a Nexus 4 with Android 4.3 installed and I want to flash it to Ubuntu Touch. My system is Ubuntu 12.04, running inside a virtual machine on Mac OS 10.5.8. To use the VM, I opened an NAT bridge and forwarded port 5037 for adb, I can see the Nexus with adb and e.g. use the adb shell into it.… >>> More
Mac - Flash file not loaded in independent flash player

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi, I am working on an independent application to play flash files on Mac. I have already done the same for Linux, and it works flawlessly but on mac for some reason flash is not drawing to my window. It is not throwing any kind of error too. I am using Flash player 10, that would mean that I am… >>> More
How to stream a shoutcast radio broadcast in Flash (Shoutcast Flash Player)

as seen on Stack Overflow - Search for 'Stack Overflow'
I've been looking for a solution to this for years, but nothing is conclusively documented. There are many Shoutcast Flash players out there (e.g. radio.de) so I know it's possible. However, most of my research leads to this: s = new Sound(); s.loadSound ("url.of.shoutcaststream:8003",true); Which… >>> More
Flash Web Design with the Help of Flash Professionals

as seen on Article City - Search for 'Article City'
Flash has often been criticized by web specialists for its relatively slow loading time. It?s also been targeted by many people who have experienced loading problem of a Flash site on the web. But no... [Author: David Jackson - Web Design and Development - August 31, 2009] >>> More

Related posts about as3

Problem with PHP/AS3 - Display PHP query results back to flash via AS3

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi, Ive made a query in PHP, and i'm trying to send the results back into Flash via AS3, but its throwing up this error Error: Error #2101: The String passed to URLVariables.decode() must be a URL-encoded query string containing name/value pairs. at Error$/throwError() at flash.net::URLVariables/decode() at… >>> More
This Question about how do i learn from basic As3 to advanced as3

as seen on Stack Overflow - Search for 'Stack Overflow'
This Question about how do i learn from basic As3 to advanced as3 , as i want to become professional in as3.And work as freelancer. can anybody guide me how to reach to the peak of Action-Script-3. This question seems to be really funny to many but this is the most basic question in my mind 1) which… >>> More
AS3 OOP MVC with PHP

as seen on Stack Overflow - Search for 'Stack Overflow'
Im new to ActionScript and Flex 3... im trying to develop an MVC 100% OOP application with Flex 3 using MXML,AS3 and PHP. M (PHP) V (MXML) C (AS3) The 3 layers i choose for my development. I have 10 AS3 classes that are object related between them and some inherit or implement interfaces. The only… >>> More
shared object in as3

as seen on Stack Overflow - Search for 'Stack Overflow'
how to drawing program in as3 using shared object >>> More
Flash AS3: (VideoEvent.COMPLETE, completePlay) - listener is triggered before video is completed

as seen on Stack Overflow - Search for 'Stack Overflow'
Hello, I have a flash video using the standard FLV Playback component that comes with Flash. I'm using ActionScript 3 to modify the appearance and set up an event listener. I've set it up to go to a new URL using "externalInterface" when the video completes play. The URL is set in a variable using… >>> More