Flasher Archive

[Previous] [Next] - [Index] [Thread Index] - [Previous in Thread] [Next in Thread]


Subject: RE: FLASH: Flash:SSL security with Flash4
From: Damian Morton
Date: Thu, 2 Mar 2000 22:37:07 GMT

Only one way to confirm this:

do a transaction from within flash and check using a network monitor what
the data being transmitted looks like

> -----Original Message-----
> From: owneratchinwag [dot] com [owneratchinwag [dot] com]On">mailto:owneratchinwag [dot] com]On Behalf Of Neal
> Cabage
> Sent: Thursday, March 02, 2000 9:09 AM
> To: flasheratchinwag [dot] com
> Subject: Re: FLASH: Flash:SSL security with Flash4
>
>
> Hmmm. Yeah I guess I called it GET because I was basically
> hex-encoding a
> string that would resemble something that would be appended to the URL if
> sending as GET. I frankly wasn't sure how it got back to Flash - I just
> make the logical jump as a presumption.
>
> Ok, so you're point is well taken that the transport of
> information *back to
> Flash* as a standard HTTP package (which is the same a POST I
> believe), but
> I am still wondering if that data will be secure. provided that
> this is how
> it is being transmitted, I am pretty sure that the answer would be "yes".
> Can you confirm that?
>
>
> Thanks.
> Neal
>
> ----- Original Message -----
> From: Damian Morton <mortonatdennisinter [dot] com>
> To: <flasheratchinwag [dot] com>
> Sent: Thursday, March 02, 2000 9:43 PM
> Subject: RE: FLASH: Flash:SSL security with Flash4
>
>
> Neal, you are completely off base here
>
> you can *send* a request for info using GET or POST (or even POST with
> additional variables in the URL)
> when using Load Variables, the variables are returned as a normal HTTP
> package, encoded in 'application/x-www-urlencoded' format
>
> if you do your Load Variables action to a URL of the form
> 'https://myserver.com/path/to/my/page', that _transaction_ (the variables
> sent, and the info returned) will be encrypted using SSL
> encryption. The URL
> isnt encrypted, the POST data is. Im not sure about GET data, that is, the
> info encoded after the '?' in a URL.
>
> > -----Original Message-----
> > From: owneratchinwag [dot] com [owneratchinwag [dot] com]On">mailto:owneratchinwag [dot] com]On Behalf Of Neal
> > Cabage
> > Sent: Thursday, March 02, 2000 8:25 AM
> > To: flasheratchinwag [dot] com
> > Subject: FLASH: Flash:SSL security with Flash4
> >
> >
> > Question. I know that an SSL works to encrypt info being sent to/from
> > server/client based upon the algorithm defined in your verisign
> > certificate,
> > etc, etc. I don't *really* know a lot more about it beyond that
> > though. I
> > presumption I have made however, is that it requires you to
> submit secure
> > info using the POST method. Afterall, if you encrypt the URL,
> how will you
> > ever find your page?
> >
> > The problem if my presumption is correct, is that, while you can
> > *send* info
> > via POST from a Flash applet, you can only put it back into Flash
> > using the
> > *GET* method. Thus, I would presume that the only way to create
> > a *secure*
> > transaction (presuming information needs to be displayed for
> confirmation
> > prior to transaction) is to (a) do this section in HTML, or (b) use a
> > server-side rendering tool such as Generator.
> >
> > Am I completely off base here or is this accurate?
> >
> > Thanks!
> > Neal
> >
> >
> > flasher is generously supported by...
> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > flashforward2000 and The Flash Film Festival
> > "The World's Premier Flash Solutions Conference and Expo"
> > March 27-29, Nob Hill Masonic Center, San Francisco, California
> >
> > -Register before Feb 25 and save $200!!-- www.flashforward2000.com
> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > To unsubscribe or change your list settings go to
> > http://www.chinwag.com/flasher or email helpatchinwag [dot] com
> >
> >
>
>
> flasher is generously supported by...
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> flashforward2000 and The Flash Film Festival
> "The World's Premier Flash Solutions Conference and Expo"
> March 27-29, Nob Hill Masonic Center, San Francisco, California
>
> -Register before Feb 25 and save $200!!-- www.flashforward2000.com
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> To unsubscribe or change your list settings go to
> http://www.chinwag.com/flasher or email helpatchinwag [dot] com
>
>
>
>
> flasher is generously supported by...
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> flashforward2000 and The Flash Film Festival
> "The World�s Premier Flash Solutions Conference and Expo"
> March 27-29, Nob Hill Masonic Center, San Francisco, California
>
> -Register before Feb 25 and save $200!!-- www.flashforward2000.com
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> To unsubscribe or change your list settings go to
> http://www.chinwag.com/flasher or email helpatchinwag [dot] com
>


flasher is generously supported by...
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
flashforward2000 and The Flash Film Festival
"The World�s Premier Flash Solutions Conference and Expo"
March 27-29, Nob Hill Masonic Center, San Francisco, California

-Register before Feb 25 and save $200!!-- www.flashforward2000.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
To unsubscribe or change your list settings go to
http://www.chinwag.com/flasher or email helpatchinwag [dot] com


Replies
  Re: FLASH: Flash:SSL security with Flash, Neal Cabage

[Previous] [Next] - [Index] [Thread Index] - [Next in Thread] [Previous in Thread]