What is this? From this page you can use the Social Web links to save Secure your Flash-PHP connection to a social bookmarking site, or the E-mail form to send a link via e-mail.

Social Web

E-mail

E-mail It
August 12, 2009

Secure your Flash-PHP connection

Posted in: Programming,Security,Web design

secureIf you’re working on a Flash game in which you are saving player score in a database, you might wanna consider applying some security to it :)

As I know, you cannot access MySQL database directly from Flash, so you’ll need to do some ActionScripting and call an external script to do it for you. For this example, we’ll be using PHP as a server-side script that will be doing MySQL communication.

I’m not Flash expert but I’ll paste here a sample ActionScript that calls an external URL for data processing:

  1.  
  2. var my_lv:LoadVars = new LoadVars();
  3. my_lv.onLoad = function(success:Boolean) {
  4.     if (success) {
  5.     trace(this.toString());
  6.     } else {
  7.     trace("Error loading/parsing LoadVars.");
  8.     }
  9. };
  10. my_lv.load("http://www.example.com/flash_db.php");
  11.  

Now, let’s talk about that security. The easies way to implement security is using HTTP Authentification (Basic or Digest). In this example we’ll be doing a Basic configuration.

At the Flash part, you’ll have to upgrade you ActionScript part with the following lines:

  1.  
  2. var str = Base64.Encode("my_username:my_password");
  3. my_lv.addRequestHeader("Authorization:", "Basic "+str);
  4. my_lv.load("http://www.example.com/flash_db.php");
  5.  

For the above example you’ll need actionscript Base64 encoder class.

The PHP code that you’re calling is processing this secure communication with the following code:

  1.  
  2. <?php
  3. if ($_SERVER[‘PHP_AUTH_USER’] != "my_username" || $_SERVER[‘PHP_AUTH_PW’] != "my_password") {
  4.     echo "error";
  5.     exit;
  6. }
  7. ?>
  8.  

You can simply copy/paste the code from above at the very beggining of your PHP script and that should do the trick. Of course, you can do some extra user validations, to check user with the password in the database, and then to see this specific user credentials, etc.

You can read more on HTTP Authentification with PHP here:
http://www.php.net/manual/en/features.http-auth.php

If you’re asking yourself why should you just send user/pass variable via POST method, read one of my previous posts – web debugging.

On Brian Meidell’s blog you can read more on this topic as well as some usefull comments.
There are some issues with some web browsers while trying to accomplish this type of authentication…

I must say once more – I’m not a Flash expert and as far as I know this should work :) but also, this type of security should work with any other technology that is capable of doing HTTP Authentication.

 

Return to: Secure your Flash-PHP connection