Secure RemoteObject

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

Secure RemoteObject

bilbosax
I am using RemoteObject to perform all my database transactions in a mobile
AIR app. AMF is fast and it is compact so it will save me a lot on
bandwidth. But I am concerned about submitting to the Apple App Store and
the Google Play store due to security reasons. They now only allow
transactions with SSL https sites and URLs in your application, so I am
concerned that my RemoteObject webservices will not be considered secure
enough. Phone numbers, email addresses, and home addresses are passed using
these services.

1) Does anyone know if the App Store/Google Play will allow unsecured AMF
webservices?

2) Is there a way to encrypt AMF RemoteObject webservices? I am using Zend
and PHP

Thanks for any thoughts!



--
Sent from: http://apache-flex-users.2333346.n4.nabble.com/
Reply | Threaded
Open this post in threaded view
|

Re: Secure RemoteObject

Jeffry Houser

  Why wouldn't you use a Remote Object URL over SSL?


On 12/19/2017 4:32 PM, bilbosax wrote:

> I am using RemoteObject to perform all my database transactions in a mobile
> AIR app. AMF is fast and it is compact so it will save me a lot on
> bandwidth. But I am concerned about submitting to the Apple App Store and
> the Google Play store due to security reasons. They now only allow
> transactions with SSL https sites and URLs in your application, so I am
> concerned that my RemoteObject webservices will not be considered secure
> enough. Phone numbers, email addresses, and home addresses are passed using
> these services.
>
> 1) Does anyone know if the App Store/Google Play will allow unsecured AMF
> webservices?
>
> 2) Is there a way to encrypt AMF RemoteObject webservices? I am using Zend
> and PHP
>
> Thanks for any thoughts!
>
>
>
> --
> Sent from: http://apache-flex-users.2333346.n4.nabble.com/

--
Jeffry Houser
Technical Entrepreneur
http://www.jeffryhouser.com
203-379-0773

Reply | Threaded
Open this post in threaded view
|

Re: Secure RemoteObject

bilbosax
Interesting question, so I have a silly reply. I don't know exactly how the
system works.

I know that my app communicate with my database through RemoteObjects by way
of PHP. I always thought that it was a direct link from the app to PHP. What
I don't know is if the communication is actually dependent on Apache. If so,
then I suppose that having an SSL on the Apache installation might do the
trick. So now my questions are:

1) Is Apache involved in the passing of data in a RemoteObject?

2) Will having an SSL on Apache cause the passing of data through a
RemoteObject to be encrypted and secure?



--
Sent from: http://apache-flex-users.2333346.n4.nabble.com/
Reply | Threaded
Open this post in threaded view
|

Re: Secure RemoteObject

Jeffry Houser


On 12/20/2017 6:58 AM, bilbosax wrote:
> 1) Is Apache involved in the passing of data in a RemoteObject?
  Yes, AMF is a binary format that is transported over HTTP.  You
probably have a URL on your server like:

myserver.com/|gateway.php

  Or something similar.

|
> 2) Will having an SSL on Apache cause the passing of data through a
> RemoteObject to be encrypted and secure?

   Only if you set your services endpoint to use an SSL URL.  This is
probably done in a serices-config file that is compiled into your app;
but it is possible to set them up manually also.

--
Jeffry Houser
Technical Entrepreneur
http://www.jeffryhouser.com
203-379-0773

Reply | Threaded
Open this post in threaded view
|

Re: Secure RemoteObject

bilbosax
Thanks for the info Jeffry. Very helpful.



--
Sent from: http://apache-flex-users.2333346.n4.nabble.com/