Chapter 18. Securing Applications


If you have ever looked at the access logs of a web server or firewall, you've likely seen firsthand how dangerous a place the public Internet is. Chances are that any access log will show repeated attempts to attack your system. Logs are proof that there are people who will try to crash or get control of your server, delete your files, use your server to anonymously relay spam, cheat at online games, steal your personal or corporate information, harass you, and in general make life as miserable for you as they can. Attacks come in a variety of forms and are often launched using sophisticated software. FlashCom Server has no special immunity from attack. There are reports of people discovering their FlashCom Server being used by someone without their permission. The perpetrators had not been granted any special access to the server. Parasites, as they have been called, discovered the address of a valid application instance on someone else's server, wrote their own .swf files (often called rogue clients) to connect to it, and created their own applications. Some descriptions of the problem have been written up on the Chattyfig FlashComm mailing list and on Peldi's blog:

http://chattyfig.figleaf.com/mailman/htdig/flashcomm/2003-November/
http://chattyfig.figleaf.com/mailman/htdig/flashcomm/2004-January/013138.html
http://chattyfig.figleaf.com/mailman/htdig/flashcomm/2004-January/013056.html
http://www.peldi.com/blog/archives/2003/07/protecting_your.html

In its default configuration, the FlashCom Server is not secure enough to be used for application delivery on the public Internet.


A few simple changes in the server's configuration files buy a significant improvement in protection. But if you create applications using Macromedia's components without adding a layer of authentication, you are asking for trouble. The server needs to be configured for security, and your applications must be written with security in mind.

This chapter focuses on designing secure FlashCom applications and is not intended to provide detailed setup and configuration information for security, nor is it intended as a complete course on network security. However, some recommendations and advice are provided throughout the chapter. See also the resources for further reading cited near the end of the chapter.

If you are responsible for setting up a FlashCom Server that will be reachable from the Internet, you should also consult the following resources provided by Macromedia:

http://www.macromedia.com/devnet/mx/flashcom/articles/security_overview.html
http://www.macromedia.com/devnet/mx/flashcom/articles/security_setup.html
http://www.macromedia.com/devnet/mx/flashcom/articles/firewalls_proxy06.html
http://download.macromedia.com/pub/flashcom/documentation/FlashCom_Installing.pdf
http://download.macromedia.com/pub/flashcom/documentation/FlashCom_Managing.pdf

If you don't have the time, knowledge, or resources available to set up a secure server, consider one of the hosting options cited in the Preface.

In keeping with O'Reilly's attempt to reclaim the word hacker for its positive connotations (see the Hacks series), we refer to programmers attempting to compromise your security as attackers, not hackers.



Programming Flash Communication Server
ISBN: 0596005040
Year: 2003
Pages: 203