I know there are a lot of topics already on this. I have read (hundreds of) them and I’d still like your input.
If I have a flash UI that takes user input and passes it to PHP; is this secure?
I have read that, yes, this is okay. I have also read that no, you need to encrypt the data, by say hashing it before sending to PHP. OK, easy, I do this already but…
In my case I have the data/password stored (when the user inputs it, not in the swf of course) and sent every time I want to access any PHP (using AMFPHP). The PHP check this password each time and only runs if it gets the correct password. So in this case if I hash the password, it makes no difference, it just changes what the password is rather than providing any actual security (well maybe minimal because it’s less recognizable).
So can someone extract a password that is sent from flash to PHP?
Any information on this is greatly appreciated!
