Home Tutorials Forums Articles Blogs Movies Library Employment Press
Old 06-06-2005, 05:27 PM   #1
dixieflatline
Registered User
 
Join Date: Jun 2005
Posts: 77
Default how to save variables locally, and securely

Hi,

I would love to hear some ideas from you if possible. I am working on a standalone application project, and would like to save a username and password as simply as possible in a store (cookie like) on the local machine.

I would also like to encrypt/decrypt the information if possible.

It will be set once and kept on the machine, similar to the way you save credentials for a chat client.

Any assistance would be appreciated.

Thanks,

C.
dixieflatline is offline   Reply With Quote
Old 06-06-2005, 05:31 PM   #2
oldnewbie
Banned by AS.org Staff
 
Join Date: Mar 2002
Posts: 10,533
Default

http://www.actionscripts.org/tutoria...ts/index.shtml
oldnewbie is offline   Reply With Quote
Old 06-06-2005, 05:42 PM   #3
dixieflatline
Registered User
 
Join Date: Jun 2005
Posts: 77
Default

Thanks for the super quick response.

That works fine! I have some links to encrypt the data but they are all overkill. You don't know of a simple solution do you? The data does reside on the client machine, so I don't need to go mad.

Many thanks again.

C.
dixieflatline is offline   Reply With Quote
Old 06-06-2005, 06:11 PM   #4
sleekdigital
I like pizza!
 
Join Date: Feb 2003
Location: PA
Posts: 1,310
Send a message via AIM to sleekdigital Send a message via MSN to sleekdigital Send a message via Yahoo to sleekdigital
Default

http://www.layer51.com/proto/d.aspx?f=1247
sleekdigital is offline   Reply With Quote
Old 06-06-2005, 06:39 PM   #5
topdogger
PHP Pro
 
Join Date: May 2005
Location: Canada, Saskatchewan. Not in an igloo...
Posts: 38
Send a message via MSN to topdogger
Default

You could just send some information with sendandload to a php page and have php create a session. Then once the user closes that internet browser the information is gone. That might be what your looking for. Like cookies but more temporary.
topdogger is offline   Reply With Quote
Old 06-06-2005, 10:24 PM   #6
dixieflatline
Registered User
 
Join Date: Jun 2005
Posts: 77
Default

Hey topdogger,

It's an odd situation. The app is totally stand alone, however I do spawn new windows under certain circumstances using stored login credentials. As it's standalone, I need a local store to deal with these variables before I talk to the server. Also Securing them is just something I have to do.

Hey sleekdigital,

Thanks for that link. I will test that one and a few others i have found.

C.
dixieflatline is offline   Reply With Quote
Old 06-06-2005, 10:42 PM   #7
madgett
is my last name...
 
Join Date: May 2004
Posts: 1,051
Default

Quote:
Originally Posted by topdogger
You could just send some information with sendandload to a php page and have php create a session. Then once the user closes that internet browser the information is gone. That might be what your looking for. Like cookies but more temporary.
Yes, PHP sessions are hard to beat, even if you dynamically change your ip address during the session and attempt to steal the session and make yourself invible, unless you know the complete backend you will not get anywhere. So I find using PHP sessions very secure.
__________________
Anything is possible with Flash, it's just a matter of inventing the possibilities
Certified Swfwizard
madgett is offline   Reply With Quote
Old 06-06-2005, 11:18 PM   #8
dixieflatline
Registered User
 
Join Date: Jun 2005
Posts: 77
Default

Hi,

I agree, however I am not sure how that helps me.

Good fun security topic though for CSS, Param tampering and session hijacking.

Further Info if you are up for discussion

I am using Zinc (mdm) to wrap a flash application. The app uses LoadVars to perform a SendAndLoad against a server I do NOT have any control over. As I have no control and as I am in a stand alone player, I can not manipulate very much. Also not being in the same domain as the server limits me further.

I can however prove successful authentication with a GET (as the POST also does not work) and then set a temporary variable to use inside a send POST.

What I need is this information kept so I can use it in the future, bypassing the Login test and variable save.
dixieflatline is offline   Reply With Quote
Old 06-06-2005, 11:44 PM   #9
madgett
is my last name...
 
Join Date: May 2004
Posts: 1,051
Default

Oh, you are using MDM Zinc, they have secure variables that you can specifically set up that are hidden inside the exe. You can also store the secure variables in a blowfish encrypted format then decrypt when you want to use them in the swf. That is extremely secure, b/c the only way to get to the data is to decompile the exe then you have to be able to decrypt everything...not likely that they can get to it at all.
__________________
Anything is possible with Flash, it's just a matter of inventing the possibilities
Certified Swfwizard
madgett is offline   Reply With Quote
Old 06-06-2005, 11:56 PM   #10
madgett
is my last name...
 
Join Date: May 2004
Posts: 1,051
Default

Another thing to add:

You can use this Zinc command: mdm.blowfishenc to encrypt strings and then store the encrypted string in a shared object. Then when you want to decrypt the string, you can use mdm.blowfishdec...very easy to do. And it's extremely secure. You can look both those commands up in the Zinc manual (help) and if you still get stuck they have an online support forum and your question will be answered quickly.
__________________
Anything is possible with Flash, it's just a matter of inventing the possibilities
Certified Swfwizard
madgett is offline   Reply With Quote
Reply


Thread Tools
Display Modes Rate This Thread
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Forum Jump


All times are GMT. The time now is 02:22 AM.

///
Follow actionscriptorg on Twitter

 


Powered by vBulletin® Version 3.8.5
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Ad Management plugin by RedTyger
Copyright 2000-2013 ActionScript.org. All Rights Reserved.
Your use of this site is subject to our Privacy Policy and Terms of Use.