Flash, parameters, security
Posted
by Quandary
on Stack Overflow
See other posts from Stack Overflow
or by Quandary
Published on 2010-05-21T06:08:53Z
Indexed on
2010/05/21
6:10 UTC
Read the original article
Hit count: 372
Hi, I have a question:
In Flash, I have the ability to save certain info onto the server. Now the problem is the user needs to be authenticated as admin in order to do so.
I can't use sessions, since if you work longer than 20 minutes in the Flash application, the session is gone.
The way I see it, I have 2 possibilities: 1. passing a parameter (bIsAdmin) to Flash from the Website. 2. Launch a http-get request, to get this value (bIsAdmin) from an ashx handler on application startup, when the session has not yet exired.
In my opinion, both possibilities are not really secure... So, Which one is safer, 1 or 2? Or does anybody have a better idea ?
In my opinion, 1 is safer, because with 2, you can just switch a packet tamperer in between, and bang, you're admin, with permission to save (or overwrite, =delete) anything.
© Stack Overflow or respective owner