You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@flex.apache.org by bilbosax <wa...@comcast.net> on 2017/12/19 21:32:20 UTC
Secure RemoteObject
I am using RemoteObject to perform all my database transactions in a mobile
AIR app. AMF is fast and it is compact so it will save me a lot on
bandwidth. But I am concerned about submitting to the Apple App Store and
the Google Play store due to security reasons. They now only allow
transactions with SSL https sites and URLs in your application, so I am
concerned that my RemoteObject webservices will not be considered secure
enough. Phone numbers, email addresses, and home addresses are passed using
these services.
1) Does anyone know if the App Store/Google Play will allow unsecured AMF
webservices?
2) Is there a way to encrypt AMF RemoteObject webservices? I am using Zend
and PHP
Thanks for any thoughts!
--
Sent from: http://apache-flex-users.2333346.n4.nabble.com/
Re: Secure RemoteObject
Posted by bilbosax <wa...@comcast.net>.
Thanks for the info Jeffry. Very helpful.
--
Sent from: http://apache-flex-users.2333346.n4.nabble.com/
Re: Secure RemoteObject
Posted by Jeffry Houser <je...@dot-com-it.com>.
On 12/20/2017 6:58 AM, bilbosax wrote:
> 1) Is Apache involved in the passing of data in a RemoteObject?
Yes, AMF is a binary format that is transported over HTTP. You
probably have a URL on your server like:
myserver.com/|gateway.php
Or something similar.
|
> 2) Will having an SSL on Apache cause the passing of data through a
> RemoteObject to be encrypted and secure?
Only if you set your services endpoint to use an SSL URL. This is
probably done in a serices-config file that is compiled into your app;
but it is possible to set them up manually also.
--
Jeffry Houser
Technical Entrepreneur
http://www.jeffryhouser.com
203-379-0773
Re: Secure RemoteObject
Posted by bilbosax <wa...@comcast.net>.
Interesting question, so I have a silly reply. I don't know exactly how the
system works.
I know that my app communicate with my database through RemoteObjects by way
of PHP. I always thought that it was a direct link from the app to PHP. What
I don't know is if the communication is actually dependent on Apache. If so,
then I suppose that having an SSL on the Apache installation might do the
trick. So now my questions are:
1) Is Apache involved in the passing of data in a RemoteObject?
2) Will having an SSL on Apache cause the passing of data through a
RemoteObject to be encrypted and secure?
--
Sent from: http://apache-flex-users.2333346.n4.nabble.com/
Re: Secure RemoteObject
Posted by Jeffry Houser <je...@dot-com-it.com>.
Why wouldn't you use a Remote Object URL over SSL?
On 12/19/2017 4:32 PM, bilbosax wrote:
> I am using RemoteObject to perform all my database transactions in a mobile
> AIR app. AMF is fast and it is compact so it will save me a lot on
> bandwidth. But I am concerned about submitting to the Apple App Store and
> the Google Play store due to security reasons. They now only allow
> transactions with SSL https sites and URLs in your application, so I am
> concerned that my RemoteObject webservices will not be considered secure
> enough. Phone numbers, email addresses, and home addresses are passed using
> these services.
>
> 1) Does anyone know if the App Store/Google Play will allow unsecured AMF
> webservices?
>
> 2) Is there a way to encrypt AMF RemoteObject webservices? I am using Zend
> and PHP
>
> Thanks for any thoughts!
>
>
>
> --
> Sent from: http://apache-flex-users.2333346.n4.nabble.com/
--
Jeffry Houser
Technical Entrepreneur
http://www.jeffryhouser.com
203-379-0773