Flash到MySQL数据库的简单安全方式 [英] Simple secure way for Flash to MySQL Database
问题描述
任何简单但安全的脚本可用于 Flash> MySQL DB 集成?我需要一个登录数据库的东西。
使用 PHP 交换变量是很好而且容易,但显然不安全。
通过Remoting?我有安装了Flash 8 remoting组件,以及一些想法: idea-1 , idea- 2 。 透过NetConnection?有几个潜在客户: lead-1 , lead-2 。 / p>
冷聚变?。任何人都有任何想法?
不太可能的解决方案:
-
通过XML?使用XML连接到数据库?出于安全原因(脚本安装在以下位置),无法使用(AS2或AS3)
-
AMF-PHP <服务器根目录)
编辑:加密应该使PHP解决方案更可行,尽管仅为高安全性登录数据库提供基本保护。 另请参阅: SO: 1 ,2 , 3 ,Adobe: 4 。
Afaik不可能直接通过ActionScript与MySQL服务器交谈(除非有人编写了一个实际上没有网络内容的包,但我还没有看到) p>
我还可以指出,你对由于PHP不安全的评论不是真的准确吗?
更糟糕的是,当你实际上从applet做的一切:这些天花生反编译一个.SWF,然后他们甚至有你的数据库的登录数据。
我认为,因为Ristonj建议最好是使用URLRequest类。
我通常做的是将当前的php会话ID传递给applet,以便我可以在初始applet请求中包括这个和用户IP。在服务器上,我检查ip /会话是否实际上在会话表中是活动的并且匹配。如果是这样,用户获得一种命令令牌,允许他执行请求,这反过来可以进行数据库更新。
如果你通过SSL连接,你是相当安全。
是的,你必须在服务器上存储PHP脚本,但是更难以获得这些源代码,而不仅仅是能够反编译applet并提取所有内容:)
我喜欢保留所有在服务器上潜在危险的程序逻辑,而不是在小程序中。
Any simple, but secure script available for Flash > MySQL DB integration? I need something for a Login DB.
Exchanging variables with PHP is nice and easy, but obviously insecure.
via Remoting? I've got the Flash 8 remoting components installed, and some ideas: idea-1, idea-2.
via NetConnection? Got some leads: lead-1, lead-2.
Cold Fusion? Anybody has any ideas?
Less likely solutions:
via XML? Anybody has any idea how to use XML to connect to a DB? (AS2 or AS3)
AMF-PHP is not possible for security reasons (script installed on server root)
- Java Server ras to be specially installed on server.
Edit: Encryption should make the PHP solution more viable, although offering only basic protection for a high-security Login Database. See also: SO: 1, 2, 3, Adobe: 4.
Afaik it is impossible to talk to a MySQL server directly via ActionScript (unless someone has written a package that actually handless the net stuff, but I haven't seen one yet).
May I also point out that your remark about "insecure because of PHP" is not really accurate? It is even worse when you actually do everything from the applet: It is peanuts these days to decompile an .SWF and then they will even have the login data for your database.
I think, as Ristonj suggested that it is best that you use the URLRequest class.
What I usually do is pass on the current php session ID to the applet so that I can include this and the user IP in the initial applet request. On the server I check if the ip/session are actually active in the session table and match. If so the user gets a sort of command token that allows him to perform requests, which in turn can do your database updates.
If you do all that over an SSL connection, you are pretty safe. And yes, you have to store PHP scripts on the server, but it is more difficult to get the source for these than just being able to decompile the applet and extract everything :)
I like to keep all program logic that is potentially dangerous on the server only, NOT in the applet.
这篇关于Flash到MySQL数据库的简单安全方式的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
