|
Home > Archive > Macromedia Flash Server > April 2005 > Another Questions: Security / ticket
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Another Questions: Security / ticket
|
|
| Brook Davies 2005-04-07, 5:49 pm |
| I just realized that anyone can connect to my FCS server and that there is
no real authentication going on. Since my users are first logged in via
Remoting an a username/password, I'm going to have the server issue a
ticket that can then be passed to FCS, which will then verify via remoting.
My problem is how should I keep track of the 'newclient' and still have
access to their data to connect them after the remoting results return. In
the Result handler below, will newclient still exist??
application.onConnect = function(newClient, name,role,video,ticket)
{
newClient.name = name;
newClient.role = role;
newClient.video = video;
newClient.ticket = ticket;
// call the remoting service to check the newclients ticket,. If it exists
in the ticket table, then
// we will allow the connection. Tickets are issued when a user logs in
and are removed after they are 24 hours old.
this.userService.onConnectCheckTicket(client.name,client.ticket);
}
application.onConnectCheckTicket_Result = function(result)
{
// Accept the client's connection
// is newClient still available here????
application.acceptConnection(newClient);
}
Brook
=-----------------------------------------------------------
Supported by Fig Leaf Software - http://www.figleaf.com
=-----------------------------------------------------------
To change your subscription options or search the archive:
http://chattyfig.figleaf.com/mailman/listinfo/flashcomm
| |
| Bill Sanders 2005-04-07, 5:49 pm |
| Brook,
Can't you set the <Allow> (or some such Vhost tag) to "YourDomain"?
Also, I assume you've looked at:
http://www.macromedia.com/devnet/mx...m/security.html
Bill
On Feb 23, 2005, at 8:25 PM, Brook Davies wrote:
> I just realized that anyone can connect to my FCS server and that
> there is no real authentication going on. Since my users are first
> logged in via Remoting an a username/password, I'm going to have the
> server issue a ticket that can then be passed to FCS, which will then
> verify via remoting.
>
> My problem is how should I keep track of the 'newclient' and still
> have access to their data to connect them after the remoting results
> return. In the Result handler below, will newclient still exist??
>
>
> application.onConnect = function(newClient, name,role,video,ticket)
> {
> newClient.name = name;
> newClient.role = role;
> newClient.video = video;
> newClient.ticket = ticket;
>
> // call the remoting service to check the newclients ticket,. If it
> exists in the ticket table, then
> // we will allow the connection. Tickets are issued when a user logs
> in and are removed after they are 24 hours old.
> this.userService.onConnectCheckTicket(client.name,client.ticket);
>
> }
>
> application.onConnectCheckTicket_Result = function(result)
> {
> // Accept the client's connection
> // is newClient still available here????
> application.acceptConnection(newClient);
> }
>
>
> Brook
>
>
>
>
>
> =-----------------------------------------------------------
> Supported by Fig Leaf Software - http://www.figleaf.com
> =-----------------------------------------------------------
>
> To change your subscription options or search the archive:
> http://chattyfig.figleaf.com/mailman/listinfo/flashcomm
>
>
bill sanders | www.sandlight.com | bloomfield, ct | 860-242-2260
=-----------------------------------------------------------
Supported by Fig Leaf Software - http://www.figleaf.com
=-----------------------------------------------------------
To change your subscription options or search the archive:
http://chattyfig.figleaf.com/mailman/listinfo/flashcomm
| |
|
| I think you need to use this:
this.userService.onConnectCheckTicket(newClient.name,newClient.ticket);
Ruben =D3
-----Mensaje original-----
De: flashcomm-bounces-1Ss2GqJETD3yZ38Mhd3e/9ZfFG6BLHNm@public.gmane.org
[mailto:flashcomm-bounces-1Ss2GqJETD3yZ38Mhd3e/9ZfFG6BLHNm@public.gmane.org] En nombre de Brook
Davies
Enviado el: Mi=E9rcoles, 23 de Febrero de 2005 10:25 p.m.
Para: flashcomm-1Ss2GqJETD3yZ38Mhd3e/9ZfFG6BLHNm@public.gmane.org
Asunto: [FlashComm] Another Questions: Security / ticket
I just realized that anyone can connect to my FCS server and that there
is=20
no real authentication going on. Since my users are first logged in via=20
Remoting an a username/password, I'm going to have the server issue a=20
ticket that can then be passed to FCS, which will then verify via
remoting.
My problem is how should I keep track of the 'newclient' and still have=20
access to their data to connect them after the remoting results return.
In=20
the Result handler below, will newclient still exist??
application.onConnect =3D function(newClient, name,role,video,ticket)
{
newClient.name =3D name;
newClient.role =3D role;
newClient.video =3D video;
newClient.ticket =3D ticket;
=09
// call the remoting service to check the newclients ticket,. If
it exists=20
in the ticket table, then
// we will allow the connection. Tickets are issued when a user
logs in=20
and are removed after they are 24 hours old.
=09
this.userService.onConnectCheckTicket(client.name,client.ticket);
}
application.onConnectCheckTicket_Result =3D function(result)
{
// Accept the client's connection
// is newClient still available here????
application.acceptConnection(newClient);
}
Brook
=09
=09
=3D-----------------------------------------------------------
Supported by Fig Leaf Software - http://www.figleaf.com
=3D-----------------------------------------------------------
To change your subscription options or search the archive:
http://chattyfig.figleaf.com/mailman/listinfo/flashcomm
--=20
No virus found in this incoming message.
Checked by AVG Anti-Virus.
Version: 7.0.300 / Virus Database: 266.4.0 - Release Date: 22/02/2005
=20
--=20
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.300 / Virus Database: 266.4.0 - Release Date: 22/02/2005
=20
=-----------------------------------------------------------
Supported by Fig Leaf Software - http://www.figleaf.com
=-----------------------------------------------------------
To change your subscription options or search the archive:
http://chattyfig.figleaf.com/mailman/listinfo/flashcomm
|
|
|
|
|