Hi,

I am trying to create a login functionality in Flex and i'm going to be sending the username and password through a webservice for authentication. My question is, throughout the lifecycle of my application, what kind of session management should I doing? Since it's a binary file, (the swf) i'm sure it should be safe to just send the username/password as it is, without encryption? Please let me know or point me to the docs which I should read about Flex session management.

Thanks!

Well security is pretty much a never ending requirement - where you can always be much more secure than you are now...
EDIT
Since it's a binary file, (the swf) i'm sure it should be safe to just send the username/password as it is, without encryption?


No, the traffic sent from a swf to the server, and vice versa can be sniffed without any problem at all and definitely needs to be encrypted.

So, if by sessions you mean ssl, well that would be a good place from which to start looking at security. If not, then I think you'll almost certainly need something better.