Categories

dixieflatline · 06-06-2005, 05:27 PM

Hi,

I would love to hear some ideas from you if possible. I am working on a standalone application project, and would like to save a username and password as simply as possible in a store (cookie like) on the local machine.

I would also like to encrypt/decrypt the information if possible.

It will be set once and kept on the machine, similar to the way you save credentials for a chat client.

Any assistance would be appreciated.

Thanks,

C.

oldnewbie · 06-06-2005, 05:31 PM

http://www.actionscripts.org/tutoria...ts/index.shtml

dixieflatline · 06-06-2005, 05:42 PM

Thanks for the super quick response.

That works fine! I have some links to encrypt the data but they are all overkill. You don't know of a simple solution do you? The data does reside on the client machine, so I don't need to go mad.

Many thanks again.

C.

sleekdigital · 06-06-2005, 06:11 PM

http://www.layer51.com/proto/d.aspx?f=1247

topdogger · 06-06-2005, 06:39 PM

You could just send some information with sendandload to a php page and have php create a session. Then once the user closes that internet browser the information is gone. That might be what your looking for. Like cookies but more temporary.

dixieflatline · 06-06-2005, 10:24 PM

Hey topdogger,

It's an odd situation. The app is totally stand alone, however I do spawn new windows under certain circumstances using stored login credentials. As it's standalone, I need a local store to deal with these variables before I talk to the server. Also Securing them is just something I have to do.

Hey sleekdigital,

Thanks for that link. I will test that one and a few others i have found.

C.

madgett · 06-06-2005, 10:42 PM

Quote:

Originally Posted by topdogger

You could just send some information with sendandload to a php page and have php create a session. Then once the user closes that internet browser the information is gone. That might be what your looking for. Like cookies but more temporary.

Yes, PHP sessions are hard to beat, even if you dynamically change your ip address during the session and attempt to steal the session and make yourself invible, unless you know the complete backend you will not get anywhere. So I find using PHP sessions very secure.

dixieflatline · 06-06-2005, 11:18 PM

Hi,

I agree, however I am not sure how that helps me.

Good fun security topic though for CSS, Param tampering and session hijacking.

Further Info if you are up for discussion

I am using Zinc (mdm) to wrap a flash application. The app uses LoadVars to perform a SendAndLoad against a server I do NOT have any control over. As I have no control and as I am in a stand alone player, I can not manipulate very much. Also not being in the same domain as the server limits me further.

I can however prove successful authentication with a GET (as the POST also does not work) and then set a temporary variable to use inside a send POST.

What I need is this information kept so I can use it in the future, bypassing the Login test and variable save.

madgett · 06-06-2005, 11:44 PM

Oh, you are using MDM Zinc, they have secure variables that you can specifically set up that are hidden inside the exe. You can also store the secure variables in a blowfish encrypted format then decrypt when you want to use them in the swf. That is extremely secure, b/c the only way to get to the data is to decompile the exe then you have to be able to decrypt everything...not likely that they can get to it at all.

madgett · 06-06-2005, 11:56 PM

Another thing to add:

You can use this Zinc command: mdm.blowfishenc to encrypt strings and then store the encrypted string in a shared object. Then when you want to decrypt the string, you can use mdm.blowfishdec...very easy to do. And it's extremely secure. You can look both those commands up in the Zinc manual (help) and if you still get stuck they have an online support forum and your question will be answered quickly.

Categories

Featured Jobs