对Flash简单安全的方法MySQL数据库 [英] Simple secure way for Flash to MySQL Database
问题描述
适用于闪存> MySQL数据库集成任何简单,但安全的脚本?我需要的东西了登录数据库。
Any simple, but secure script available for Flash > MySQL DB integration? I need something for a Login DB.
与交换变量的 PHP 是好的,很容易,但显然是不安全的。
Exchanging variables with PHP is nice and easy, but obviously insecure.
通过Remoting?我已经得到了的 Flash 8的远程组件安装和一些想法:的想法-1 ,想法-2 。
via Remoting? I've got the Flash 8 remoting components installed, and some ideas: idea-1, idea-2.
通过的NetConnection 得到了一些线索:导致-1 , 导致-2 。
via NetConnection? Got some leads: lead-1, lead-2.
冷聚变?任何人有任何想法?
不太可能的解决方案:
-
通过XML?任何人有任何想法如何使用XML连接到一个数据库? (AS2或AS3)的
via XML? Anybody has any idea how to use XML to connect to a DB? (AS2 or AS3)
AMF-PHP 是不可能出于安全原因(脚本安装在服务器的根目录)
AMF-PHP is not possible for security reasons (script installed on server root)
编辑:加密应该让PHP的解决方案更可行,但对于提供高安全性的登录数据库只有基本的保障。 参见: SO: 1 ,的2 , 3 ,Adobe公司:<一HREF =http://www.adobe.com/devnet/flashplayer/articles/secure_swf_apps_12.html相对=nofollow> 4 。
Encryption should make the PHP solution more viable, although offering only basic protection for a high-security Login Database. See also: SO: 1, 2, 3, Adobe: 4.
推荐答案
AFAIK是不可能直接通过ActionScript跟一个MySQL服务器(除非有人写了一包,实际上handless净的东西,但我还没有看到1还)。
Afaik it is impossible to talk to a MySQL server directly via ActionScript (unless someone has written a package that actually handless the net stuff, but I haven't seen one yet).
我还要指出的是,你对不安全,因为PHP的此话是不是真的准确吗? 这更糟糕的是,当你真正做到一切从该小程序:这是花生这些天来反编译的.SWF,然后他们会甚至有登录数据的数据库
May I also point out that your remark about "insecure because of PHP" is not really accurate? It is even worse when you actually do everything from the applet: It is peanuts these days to decompile an .SWF and then they will even have the login data for your database.
我觉得,作为Ristonj认为这是最好的,你使用URLRequest类。
I think, as Ristonj suggested that it is best that you use the URLRequest class.
我最常做的是通过对当前的PHP会话ID的小程序,这样我可以包括这一点,并在最初的小程序请求的用户IP。在服务器上我检查,如果IP /会话的会话表和比赛的实际活跃。如果是这样的用户得到一个sort命令令牌,让他来执行的请求,这反过来又可以做你的数据库的更新。
What I usually do is pass on the current php session ID to the applet so that I can include this and the user IP in the initial applet request. On the server I check if the ip/session are actually active in the session table and match. If so the user gets a sort of command token that allows him to perform requests, which in turn can do your database updates.
如果你做的一切,通过SSL连接,你是pretty的安全。 是的,你必须存储在服务器上的PHP脚本,但它更难以得到源代码,这些不只是能够反编译的小程序,并提取了一切:)
If you do all that over an SSL connection, you are pretty safe. And yes, you have to store PHP scripts on the server, but it is more difficult to get the source for these than just being able to decompile the applet and extract everything :)
我喜欢把所有的程序逻辑在服务器上潜在的危险,而不在小程序。
I like to keep all program logic that is potentially dangerous on the server only, NOT in the applet.
这篇关于对Flash简单安全的方法MySQL数据库的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
