MySQL in flash??? Are they just asking for trouble.
arpace
12-11-2005, 06:12 PM
Unless the code for an swf file is secured and cannot be decompiled, which is not bloody likely, all of the calls to the db will be accessible to the would-be hacker.
If you put your authentication information in the swf, you have just given the entire world permission to hack your db.
The server side authentication is still needed to prevent information theft and corruption; however, if they ever figure out a way to secure the swf from being decompiled, and still give the performance the world expects, I will be the first to say hooray.
Flash Gordon
12-11-2005, 06:57 PM
this is in the wrong section probably....
Also, you have the idea all wrong............
Flash can not connect to a database, period! only server side scripts can. no one (probably) is going to hack your php/asp scripts. php then tells flash what the database said.
It is the wrong section...also, on a side note, the server-side script can be exploited as well, which is why people use DLLs and COM objects to actually house the SQL, and protect against injection attacks.
Headshotz
12-16-2005, 02:38 AM
Damn hackers, trying to be so hacky.
hangalot
12-17-2005, 01:43 PM
this is in the wrong section probably....
Also, you have the idea all wrong............
Flash can not connect to a database, period! only server side scripts can. no one (probably) is going to hack your php/asp scripts. php then tells flash what the database said.
i think with AS3 this is possible actually since you can connect to different ports and read and push binary streams. so if you understand the protocol involved it is doable.
Headshotz
12-18-2005, 09:17 AM
Now the hackers have hacked my AS.org password they can make heaps of senseless posts and advertise for products, oh wait I do that anyway.
sunnylachuck
03-27-2006, 08:29 PM
Unless the code for an swf file is secured and cannot be decompiled, which is not bloody likely, all of the calls to the db will be accessible to the would-be hacker.
If you put your authentication information in the swf, you have just given the entire world permission to hack your db.
The server side authentication is still needed to prevent information theft and corruption; however, if they ever figure out a way to secure the swf from being decompiled, and still give the performance the world expects, I will be the first to say hooray.
Do not put username and passwords in your SWF. If you need to query a passworded database then require user to enter a username/password via a form AND use an https connection.
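[Added example, not part of the original thread: a pre-release check that opens an SWF the way any decompiler would (8-byte header, zlib body for "CWS" files) and flags credential-like strings left in it. The sample file, host name and credentials are constructed for the demonstration, and the two patterns are illustrative rather than exhaustive.]

```python
import re
import struct
import zlib

# Credential-like patterns (illustrative assumptions, not an exhaustive list).
PATTERNS = {
    "connection-uri": re.compile(rb"[a-z][a-z0-9+.-]*://[^\s:/@]+:[^\s@/]+@[^\s/]+", re.I),
    "password-assignment": re.compile(rb"(?:pass(?:word|wd)?|pwd)\s*[=:]\s*\S+", re.I),
}

def swf_body(data: bytes) -> bytes:
    """Return the uncompressed SWF body that follows the 8-byte header."""
    if len(data) < 8:
        raise ValueError("too short to be an SWF")
    sig, _version, declared_len = struct.unpack("<3sBI", data[:8])
    if sig == b"FWS":            # stored uncompressed
        body = data[8:]
    elif sig == b"CWS":          # everything after the header is zlib data
        body = zlib.decompress(data[8:])
    else:
        raise ValueError(f"unsupported signature {sig!r}")
    if len(body) + 8 != declared_len:
        raise ValueError("length field does not match body")
    return body

def find_embedded_secrets(data: bytes, min_len: int = 6):
    """List (kind, text) for credential-like printable strings in an SWF."""
    findings = []
    for run in re.findall(rb"[\x20-\x7e]{%d,}" % min_len, swf_body(data)):
        for kind, pattern in PATTERNS.items():
            for m in pattern.finditer(run):
                findings.append((kind, m.group().decode("ascii")))
    return findings

def make_sample_swf(strings, compressed=True) -> bytes:
    """Build a constructed SWF-shaped blob: header plus NUL-separated strings."""
    body = b"\x00" + b"\x00".join(s.encode() for s in strings) + b"\x00"
    length = struct.pack("<I", len(body) + 8)
    if compressed:
        return b"CWS" + b"\x08" + length + zlib.compress(body)
    return b"FWS" + b"\x08" + length + body

if __name__ == "__main__":
    # Constructed sample: a movie that carries its own database login.
    bad = make_sample_swf(["loadVariables",
                           "mysql://appuser:s3cret@db.example.test/shop"])
    for kind, text in find_embedded_secrets(bad):
        print(f"{kind}: {text}")
```

A movie that only names an https endpoint and sends what the user typed into the form produces no findings.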
Flash Gordon
03-27-2006, 09:32 PM
i think with AS3 this is possible actually since you can connect to different ports and read and push binary streams. so if you understand the protocol involved it is doable.
Man, as 3.0 must be a beast. with this a getSoundSpectrum functions. Can't wait.
hangalot
03-28-2006, 01:57 AM
as3 is a nice beast, one i am spending my free time to the extent that i am going to get my @ss dumped. seriously though i think the boundaries have been moved drastically.
ps FG i see barn's website is a link on your footer, is that an ever so unsubtle dig at ON?
Flash Gordon
03-28-2006, 02:19 AM
Hm....I'd rather let that go. :D
But in all honesty, he does have a very nice site. And is very generous with his source files. I learned how to use nested loops from his site! It actually is a favorite of mine.
But back to the original question: If AS 3.0 can connect to a database and it is a client side application, are people who program for that in for a world of hurt? As i understand it, I would never put any passwords or sensitive data in my flash app. Any thoughts?
You wouldn't be putting in..you'd just be executing against a database to get the information. Once the app is closed..it's gone..
hangalot
03-28-2006, 05:18 PM
no i don't think they are in for a world of pain, the only limitation i see currently with the 8.5 runtime is the inability to listen on sockets, it's one thing to send on a socket but listening would be great. adobe consider this a security risk (i can understand that). like anything else in life bad habits, poor design and gross stupidity are the things to watch out against with this, if you can eliminate those 3 things (if only!) then i can't see why this would be more insecure than any other app. a wee bit of a problem i think would be people's personal firewalls as these close a large amount of ports.
webninja
04-07-2006, 11:35 PM
... the only limitation i see currently with the 8.5 runtime is the inability to listen on sockets, it's one thing to send on a socket but listening would be great. ...
It would be nice to be able to listen on a socket, but as I don't see AS as a great server platform I'm not too concerned about it. It does let me open a socket to another app and hold it open, receiving data and sending it.
hangalot
04-07-2006, 11:37 PM
yes but listening on a socket would give me the ability to connect peer to peer. someone told me the code is in the player but that it's just commented out due to the security implications.