Re: FLASH: Flash:SSL security with Flash4

[Neal Cabage]

Hmmm.   Yeah I guess I called it GET because I was basically hex-encoding a

string that would resemble something that would be appended to the URL if

sending as GET.  I frankly wasn't sure how it got back to Flash - I just

make the logical jump as a presumption.


Ok, so you're point is well taken that the transport of information *back to

Flash* as a standard HTTP package (which is the same a POST I believe),  but

I am still wondering if that data will be secure.  provided that this is how

it is being transmitted, I am pretty sure that the answer would be "yes".

Can you confirm that?



Thanks.

Neal


----- Original Message -----

From: Damian Morton <

mortondennisinter [dot] com

>

To: <

flasherchinwag [dot] com

>

Sent: Thursday, March 02, 2000 9:43 PM

Subject: RE: FLASH: Flash:SSL security with Flash4



Neal, you are completely off base here


you can *send* a request for info using GET or POST (or even POST with

additional variables in the URL)

when using Load Variables, the variables are returned as a normal HTTP

package, encoded in 'application/x-www-urlencoded' format


if you do your Load Variables action to a URL of the form

'https://myserver.com/path/to/my/page', that _transaction_ (the variables

sent, and the info returned) will be encrypted using SSL encryption. The URL

isnt encrypted, the POST data is. Im not sure about GET data, that is, the

info encoded after the '?' in a URL.


> -----Original Message-----

>

From: ownerchinwag [dot] com [ownerchinwag [dot] com]On">mailto:ownerchinwag [dot] com]On Behalf Of Neal

> Cabage

> Sent: Thursday, March 02, 2000 8:25 AM

>

To: flasherchinwag [dot] com

> Subject: FLASH: Flash:SSL security with Flash4

>

>

> Question.  I know that an SSL works to encrypt info being sent to/from

> server/client based upon the algorithm defined in your verisign

> certificate,

> etc, etc.  I don't *really* know a lot more about it beyond that

> though.  I

> presumption I have made however, is that it requires you to submit secure

> info using the POST method. Afterall, if you encrypt the URL, how will you

> ever find your page?

>

> The problem if my presumption is correct, is that, while you can

> *send* info

> via POST from a Flash applet, you can only put it back into Flash

> using the

> *GET* method.  Thus, I would presume that the only way to create

> a *secure*

> transaction (presuming information needs to be displayed for confirmation

> prior to transaction) is to (a) do this section in HTML, or (b) use a

> server-side rendering tool such as Generator.

>

> Am I completely off base here or is this accurate?

>

> Thanks!

> Neal

>

>

> flasher is generously supported by...

> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

>      flashforward2000 and The Flash Film Festival

>   "The World's Premier Flash Solutions Conference and Expo"

>  March 27-29, Nob Hill Masonic Center, San Francisco, California

>

> -Register before Feb 25 and save $200!!-- www.flashforward2000.com

> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

> To unsubscribe or change your list settings go to

>

http://www.chinwag.com/flasher or email helpchinwag [dot] com

>

>



flasher is generously supported by...

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     flashforward2000 and The Flash Film Festival

  "The World's Premier Flash Solutions Conference and Expo"

 March 27-29, Nob Hill Masonic Center, San Francisco, California


-Register before Feb 25 and save $200!!-- www.flashforward2000.com

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

To unsubscribe or change your list settings go to

http://www.chinwag.com/flasher or email

helpchinwag [dot] com

flasher is generously supported by...

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     flashforward2000 and The Flash Film Festival

  "The World�s Premier Flash Solutions Conference and Expo"

 March 27-29, Nob Hill Masonic Center, San Francisco, California


-Register before Feb 25 and save $200!!-- www.flashforward2000.com

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

To unsubscribe or change your list settings go to

http://www.chinwag.com/flasher or email

helpchinwag [dot] com