Martic.net

Talking in binary since 1980.

Secure your Flash-PHP connection

Darko at 6:10 am on Wednesday, August 12, 2009

secureIf you’re working on a Flash game in which you are saving player score in a database, you might wanna consider applying some security to it :)

As I know, you cannot access MySQL database directly from Flash, so you’ll need to do some ActionScripting and call an external script to do it for you. For this example, we’ll be using PHP as a server-side script that will be doing MySQL communication.

I’m not Flash expert but I’ll paste here a sample ActionScript that calls an external URL for data processing:

  1.  
  2. var my_lv:LoadVars = new LoadVars();
  3. my_lv.onLoad = function(success:Boolean) {
  4.     if (success) {
  5.     trace(this.toString());
  6.     } else {
  7.     trace("Error loading/parsing LoadVars.");
  8.     }
  9. };
  10. my_lv.load("http://www.example.com/flash_db.php");
  11.  

Now, let’s talk about that security. The easies way to implement security is using HTTP Authentification (Basic or Digest). In this example we’ll be doing a Basic configuration.

At the Flash part, you’ll have to upgrade you ActionScript part with the following lines:

  1.  
  2. var str = Base64.Encode("my_username:my_password");
  3. my_lv.addRequestHeader("Authorization:", "Basic "+str);
  4. my_lv.load("http://www.example.com/flash_db.php");
  5.  

For the above example you’ll need actionscript Base64 encoder class.

The PHP code that you’re calling is processing this secure communication with the following code:

  1.  
  2. <?php
  3. if ($_SERVER[‘PHP_AUTH_USER’] != "my_username" || $_SERVER[‘PHP_AUTH_PW’] != "my_password") {
  4.     echo "error";
  5.     exit;
  6. }
  7. ?>
  8.  

You can simply copy/paste the code from above at the very beggining of your PHP script and that should do the trick. Of course, you can do some extra user validations, to check user with the password in the database, and then to see this specific user credentials, etc.

You can read more on HTTP Authentification with PHP here:
http://www.php.net/manual/en/features.http-auth.php

If you’re asking yourself why should you just send user/pass variable via POST method, read one of my previous posts – web debugging.

On Brian Meidell’s blog you can read more on this topic as well as some usefull comments.
There are some issues with some web browsers while trying to accomplish this type of authentication…

I must say once more – I’m not a Flash expert and as far as I know this should work :) but also, this type of security should work with any other technology that is capable of doing HTTP Authentication.

 

1 Comment »

  1. Comment by Darko Martic
    August 18, 2009 @ 1:49 pm

    You might also consider applying this kind of security to al sorts of applications, for example if you’re building a BlackBerry app and you need to open user’s account on a website but you don’t wanna make extra trouble to user asking him to login once more (on a web), so you could login him automatically passing certain data to your web application.

RSS feed for comments on this post. TrackBack URL

Leave a comment

Enter this code

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

 
 
Close
E-mail It
Socialized through Gregarious 42