
Flex using BlazeDS with Java. Do you care about security?

1. Secure the primary keys
- Store at least the primary key in the session on the way out from Java to Flex. When a request comes back from Flex to Java, check that the user has access to the primary key they are trying to change.
2. Secure the foreign keys
- Other classes will probably have your customer.id as a foreign key. Make sure these are secure from tampering as well.
3. Secure the remote methods that Flex will be calling
- Use remoting-config.xml to exclude methods that the user should not have access to. One way to do this:

  <destination id="customerService">
        <properties>
            <source>customerService</source>
            <!-- exclude-methods is nested inside properties -->
            <exclude-methods>
                <method name="updateCustomer" security-constraint="admin-users"/>
            </exclude-methods>
        </properties>
  </destination>

You can read more about this in the BlazeDS dev guide.
4. Secure any other fields that are sensitive and should not be changeable by the end user.
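
The session check from steps 1 and 2 can be sketched as below. This is an added example, not code from the original post or from BlazeDS. The class name, the attribute name and the Map standing in for the session are assumptions; in a BlazeDS service the map would be backed by the user's session (for example via FlexContext.getFlexSession()).

```java
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;

/** Added example: per-session allow-list of the keys the server sent to this client. */
public class SessionKeyGuard {
    private static final String ATTR = "issuedKeys"; // hypothetical attribute name

    // Assumption: 'session' stands in for the per-user session attributes.
    private final Map<String, Object> session;

    public SessionKeyGuard(Map<String, Object> session) { this.session = session; }

    @SuppressWarnings("unchecked")
    private Set<String> issued() {
        return (Set<String>) session.computeIfAbsent(ATTR, k -> ConcurrentHashMap.newKeySet());
    }

    /** Call on the way out (Java to Flex) for every primary or foreign key sent,
     *  after the normal access check for that row has passed. */
    public void remember(String type, long id) { issued().add(type + ":" + id); }

    /** Call on the way in (Flex to Java) before reading or changing the row. */
    public void require(String type, long id) {
        if (!issued().contains(type + ":" + id)) {
            throw new SecurityException("key not issued to this session: " + type + ":" + id);
        }
    }

    public static void main(String[] args) {
        // Constructed sample session for one logged-in user.
        SessionKeyGuard guard = new SessionKeyGuard(new ConcurrentHashMap<>());
        guard.remember("customer", 42); // customer 42 was returned to this user
        guard.remember("order", 7);     // order 7 references customer 42 as a foreign key

        guard.require("customer", 42);  // untouched key: the update may proceed
        guard.require("order", 7);
        try {
            guard.require("customer", 43); // id altered on the client before the call
            throw new AssertionError("tampered key was accepted");
        } catch (SecurityException expected) {
            System.out.println("rejected: " + expected.getMessage());
        }
    }
}
```

Call require() at the top of every remote method that accepts an id, including ids nested inside objects sent back from Flex.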

references: flexpasta.com

  1. 01/11/2010 at 9:20 pm

    Actually, good post. thx
