Flex 中的安全性 – 是否可以操纵下载的代码并执行 Web 服务 [英] Security in Flex – is it possible to manipulate downloaded code and execute web service
问题描述
我正在 Flex 中设计应用程序,该应用程序连接到一些 Web 服务以执行一些金融交易.Web 服务使用 https 协议进行保护,并要求在每次请求登录时创建用户令牌.这用于验证和授权用户.到现在为止还挺好.
I am designing the application in Flex that connects to some web services to perform some financial transactions. Web services are secured using https protocol and are asking for user token created at login on each request. This is used to authenticate and authorize the user. So far so good.
技巧部分是并非我们所有的 Web 服务都是粗粒度的.举个例子,我们可以有两种 Web 服务方法:EnoughFounds 和 Transfer.因此,只有在 EnoughFounds 方法回复true"后,我才会执行 Transfer.此逻辑是在 Flex 应用程序代码中编写的.
The trick part is that not all of our web services are coarsely grained. To give you an example, we can have two web service methods: EnoughFounds and Transfer. So, only after the method EnoughFounds replies "true" will I execute Transfer. This logic is programmed inside the Flex application code.
我呈现的场景如下:如果有人下载应用程序并反编译它会怎样.然后修改代码,因此不执行步骤 EnougFunds.或者可能编写一个全新的客户端,甚至可能使用其他技术来执行 Transfer 而不通过 EnoughFunds 步骤.在执行 Transfer 时,用户将在服务器上获得授权和身份验证;但由于他使用的是他的真实凭据,他将能够执行转移.他跳过的检查属于业务逻辑而不是安全域.我需要以某种方式确保执行应用程序的代码是我编写和用户下载的未经修改的 Flex 代码.我怎样才能做到这一点?我知道我可以重写服务,以便在服务器上执行序列,但这意味着需要付出巨大的努力,我正在寻找其他类型的解决方案.
The scenario I am presented is the following: What if someone downloads the application and decompiles it. Than modifies the code so the step EnougFunds is not executed. Or maybe writes a completely new client maybe in even other technology that will execute Transfer without passing through EnoughFunds step. On executing Transfer, user will be authorized and authenticated on the server; but since he is using his real credentials, he will be able to execute the Transfer. The check that he skipped belongs to business logic and not security domain. I need somehow to make sure that the code that is executing the application is unmodified Flex code that I wrote and user downloaded. How can I do that? I know I can rewrite services so that the sequence is executed on the server, but that implies significant effort and I am looking for some other kind of solution.
在我看来,必须有一些安全机制可以解决这个特定的问题.
It seems to me that there must be some security mechanisms that would resolve this particular problem.
请注意,我不是在寻求有关最佳实践的建议.我的要求是不要在服务器端更改任何内容.如何在不更改服务的情况下在协议级别保护序列?
Please note that I am not looking for advice on best practices. My requirement is not to change anything on the server-side. How can I secure the sequence on protocol level, without changing services?
推荐答案
这是一个很大的错误.任何足够重要的业务规则都必须在服务中进行检查.必须是这样,无论客户做什么,服务都不会让任何不好的事情发生.
This is a big mistake. Any business rules important enough to matter must be checked in the service. It must be the case that, no matter what the client does, the service never lets anything bad happen.
特别是,有一个 EnoughFunds 操作是有意义的,因为如果 EnoughFunds 返回 false,您可以告诉用户他没有足够的资金.但是,Transfer 操作必须检查是否有足够的资金,而不是依赖客户端进行如此重要的检查.
In particular, it makes sense to have an EnoughFunds operation because if EnoughFunds returns false, you can tell the user that he doesn't have enough funds. However, the Transfer operation must check to see if there are enough funds, and not depend on the client for such an important check.
这篇关于Flex 中的安全性 – 是否可以操纵下载的代码并执行 Web 服务的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
