Howdy folks :cowboy:
My question is, is there a way to send variables from PHP to Flash in a secure manner? Using echo() from the PHP file is too open to be considered secure. I want to make a really basic non-mysql user authentication for my flash movie. I know how to make the authentication work except there’s always the issue with those variables.
I was thinking, is there some way to send variables from PHP to flash using the POST method? At least that way the variables are invisible to the visitors. I’m not sure how to do that though.
[QUOTE=Jubba;443944]well what you should do is save the username and password in md5() hashed form. Then just compare the strings. That way even if they find the PHP page and get the code, all they will have is a bunch of hashes that aren’t decodeable…
edit: in all actuality you should be saving the files in a database, not in a file, but I understand that sometimes you don’t have access to a database…[/QUOTE]
This is really a bit old topic but… I don’t know exactly what did you mean with MD5, but I still haven’t found solution, how to secure communication between flash and php (I mean, how to ensure, that variables can be passed into php scrit only from flash - typical highscore table problem). You said MD5? So you mean you have variable encoded with MD5 and this variable sent to php? But i can read http headers and get the MD5 string… and that string again passed from my own form with POST method… Any ideas how to correctly secure flash php communication??
[QUOTE=Jubba;443944]well what you should do is save the username and password in md5() hashed form. Then just compare the strings. That way even if they find the PHP page and get the code, all they will have is a bunch of hashes that aren’t decodeable…
edit: in all actuality you should be saving the files in a database, not in a file, but I understand that sometimes you don’t have access to a database…[/QUOTE]
This is really a bit old topic but… I don’t know exactly what did you mean with MD5, but I still haven’t found solution, how to secure communication between flash and php (I mean, how to ensure, that variables can be passed into php scrit only from flash - typical highscore table problem). You said MD5? So you mean you have variable encoded with MD5 and this variable sent to php? But i can read http headers and get the MD5 string… and that string again passed from my own form with POST method… Any ideas how to correctly secure flash php communication??
Only one thing crossed my mind. Implement own simple but hard to guess algorithm, which computes new hash value from one other md5 hash and from highscore value. The bad guy want to give php script own highscore value, but he can give correct hash corresponding with that highscore… And for safety - better implement more algorithms and at the beginning exchange type of algorithm between flash and php… And is very important to encrypt swf file… Is is safe? Is it safe to encrypt swf file?
There’s a couple of ways I would do it. I use swfObject to embed my swfs. When I write a class to handle the interaction btwn php/flash, I will write a method to generate the code to call the swfObject javascript file. I will then use a conditional to check whether certain $_SESSION variables are set, and if they are, I will use the javascript addVariables() method in swfObject to send information to the swf at the root level.
