Flex using BlazeDS with Java. Do you care about security?
1. Secure the primary keys
- Anything Flex sends back over AMF is client-controlled, including the id field of the object it hands you, so an id in an incoming request is untrusted. On the way out from Java to Flex, store at least the primary keys you returned in the server-side session. When the request comes back from Flex to Java, check that the key the user is trying to change is one they are allowed to touch before you update anything.
2. Secure the foreign keys
- Other classes will probably carry your customer.id as a foreign key (an Order with a customerId, for example). A tampered foreign key lets a user attach their data to someone else's record, so check these against the session in the same way as the primary key.
3. Secure the remote methods that Flex will be calling
- Use remoting-config.xml to control which methods of the destination Flex may call. exclude-methods removes a method from the destination for every caller; to keep a method callable but only by a role, list it under include-methods with a security-constraint attribute that refers to a security-constraint defined in services-config.xml. The method filters are children of the properties element. One way to do this:
    <destination id="customerService">
        <properties>
            <source>customerService</source>
            <include-methods>
                <!-- every method Flex is allowed to call must be listed here -->
                <method name="updateCustomer" security-constraint="admin-users"/>
            </include-methods>
        </properties>
    </destination>
Note that the filter applies to this destination only; the same class exposed through a second destination is not covered by it. You can read more about this in the BlazeDS Developer Guide.
4. Secure any other fields that are sensitive and must not be changeable by the end user (credit limits, roles, owner references). Do not copy the whole incoming object into the database; copy only the fields the user is permitted to edit.
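The following is an added example of points 1, 2 and 4 in one remoting service; it is not code from the original post or from BlazeDS. It assumes a remoting destination whose source is this class, a hypothetical CustomerDao data-access interface (declared inline), and hypothetical Customer and Order value objects with getId/getName/getEmail/setName/setEmail and getCustomerId/setCustomerId/getItems/setItems accessors. The session lookups use the real BlazeDS API (flex.messaging.FlexContext and FlexSession).

```java
// Added example, not part of the original post or of BlazeDS itself.
package com.example.remoting; // hypothetical package

import java.security.Principal;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

import flex.messaging.FlexContext;
import flex.messaging.FlexSession;

// Hypothetical data-access layer; Customer and Order are assumed value objects.
interface CustomerDao {
    List<Customer> findByOwner(String username);
    Customer findById(long id);
    Customer save(Customer c);
    Order save(Order o);
}

public class CustomerService {

    // Session attribute holding the primary keys handed out to this session.
    private static final String OWNED_IDS = "customerService.ownedCustomerIds";

    private final CustomerDao dao;

    public CustomerService(CustomerDao dao) {
        this.dao = dao;
    }

    // Point 1, on the way OUT: remember which primary keys this session may touch.
    public List<Customer> getCustomers() {
        Principal principal = FlexContext.getUserPrincipal();
        if (principal == null) {
            throw new SecurityException("not authenticated");
        }
        List<Customer> customers = dao.findByOwner(principal.getName());
        Set<Long> ids = new HashSet<Long>();
        for (Customer c : customers) {
            ids.add(c.getId());
        }
        FlexContext.getFlexSession().setAttribute(OWNED_IDS, ids);
        return customers;
    }

    // Point 1, on the way IN: refuse any primary key this session was never given.
    // Point 4: copy only user-editable fields; sensitive fields never come from the client.
    public Customer updateCustomer(Customer incoming) {
        assertOwned(incoming.getId());
        Customer current = dao.findById(incoming.getId());
        current.setName(incoming.getName());
        current.setEmail(incoming.getEmail());
        // credit limit, owner, roles etc. are deliberately NOT taken from 'incoming'
        return dao.save(current);
    }

    // Point 2: an Order carries customerId as a foreign key; check it the same way,
    // and rebuild the object server-side instead of persisting the client's copy.
    public Order createOrder(Order incoming) {
        assertOwned(incoming.getCustomerId());
        Order order = new Order();
        order.setCustomerId(incoming.getCustomerId());
        order.setItems(incoming.getItems());
        return dao.save(order);
    }

    // Throws unless 'id' is one of the keys stored in the session by getCustomers().
    // A SecurityException propagates to Flex as a fault on the remote call.
    @SuppressWarnings("unchecked")
    private void assertOwned(Long id) {
        FlexSession session = FlexContext.getFlexSession();
        Set<Long> ids = session == null ? null : (Set<Long>) session.getAttribute(OWNED_IDS);
        if (id == null || ids == null || !ids.contains(id)) {
            throw new SecurityException("customer id not owned by this session: " + id);
        }
    }
}
```

The session set only contains keys the server itself handed out, so a client that edits the id in the Customer object, or the customerId in an Order, gets a fault instead of a write. The trade-off is that the set goes stale if the user's ownership changes mid-session; an alternative that avoids session state is to put the ownership condition into the query itself (for example, selecting the row by id and owner) and treat zero rows as a failed check.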
references: flexpasta.com
Categories: Flex
Actually, good post. thx