Manualshelf

Specifications

ManualsBrandsApache ManualsGadgetsMP3-341
11121314151617181920
CHAPTER 1
10
Secure phase
Security is not necessarily a phase of the application development process, but is an issue that you should take into
consideration during the entire development process. That is, you do not configure, build, test, and deploy an
application, and then define the security issues. Rather, you take security into consideration during all phases.
Building security into your application often takes the following main efforts:
Using the security features built into Flash Player
Building security into your application
Flash Player has several security features built into it, including sandbox security, that you can take advantage of
because you are building applications for Flash Player.
But, Flash Player security is not enough for many application requirements. For example, your application may
require the user to log in, or perform authentication in some other way, before accessing data services. When you
must handle security issues beyond those built into Flash Player, design them into your application from the initial
design phase, test them during the compile phase, and verify them during the deploy phase.
For more information on security, see Applying Flex Security” on page 29.
About the security model
The Flex security model protects both the client and the server. Consider the following general aspects of security
when you deploy Flex applications:
Flash Player operating in a sandbox on the client
Authorizing and authenticating users who access a server’s resources
Flash Player runs inside a security sandbox that prevents the client from being hijacked by malicious application
code. This sandbox prevents a user from running a Flex application that can access system files and perform other
tasks.
Flash Player security
Flash Player has an extensive list of features that ensure Flash content is secure, including the following:
Uses the encryption capabilities of SSL in the browser to encrypt all communications between a Flash appli-
cation and the server
Includes an extensive sandbox security system that limits transfer of information that might pose a risk to
security or privacy
Does not allow applications to read data from the local drive, except for SharedObjects that were created by
that domain
Does not allow writing any data to the disk except for data that is encapsulated in SharedObjects