Flash, parameters, security

Posted by Quandary on Stack Overflow See other posts from Stack Overflow or by Quandary
Published on 2010-05-21T06:08:53Z Indexed on 2010/05/21 6:10 UTC
Read the original article Hit count: 372

Filed under:
|
|
|
|

Hi, I have a question:

In Flash, I have the ability to save certain info onto the server. Now the problem is the user needs to be authenticated as admin in order to do so.

I can't use sessions, since if you work longer than 20 minutes in the Flash application, the session is gone.

The way I see it, I have 2 possibilities: 1. passing a parameter (bIsAdmin) to Flash from the Website. 2. Launch a http-get request, to get this value (bIsAdmin) from an ashx handler on application startup, when the session has not yet exired.

In my opinion, both possibilities are not really secure... So, Which one is safer, 1 or 2? Or does anybody have a better idea ?

In my opinion, 1 is safer, because with 2, you can just switch a packet tamperer in between, and bang, you're admin, with permission to save (or overwrite, =delete) anything.

© Stack Overflow or respective owner

Related posts about flash

Related posts about as3