 |
 | Home | Contact Us | FAQ | Search & Site Map | Link to Us |
 | Sign In | Join | Other 45 Sites in Network |
| HomeDiscussion GroupsGeneralPHPASPPerlColdFusionFlashHTML, CSS, ScriptsBrowsers |
Webmaster Forum / Flash / Flash Remoting / April 2006Flash Remoting - Access to .NET Assembly - Security!!!!
I just have found that there is a big security issue with possibility to invoke any public method in any assemble in BIN if I use remoting... Is there any way not to allow accessing a method in assembly but only aspx page? How can I protect other objects in my assemblies for possibility to call them from Flash? So there seem to be no way to restrict the access from Flash of other assemblies im BIN folder? Like there is no way to have a list of assemblies I do not want to aurhorise for accessing them from Flash? That sound pretty alarming. Could you elaborate on it for the rest of us please? If you have flashgateway.dll in your BIN folder, ANYONE can call any method from any other assembly in that same BIN folder if he knows the path to that file. For example MyCompany.MyProject.MyClass Of course we have several restrictions like - You can not call static method - You cannot call class that has a constructor that accepts arguments - You can not pass to a method object different than primitive (like string or float) and ASObject But you can pass any object as NULL Though we have those restrictions we still have many methods that can be called successfully from Any Flash client in order to steal information or harm the system in any different way. I am working now on that but any ideas will be highly appreciated. That's true, it is a huge risk, but i do the following: mark all my private classes or methods with the "internal" access modifier(only in C#). Take a look: internal void myPrivateAssemblyMethod() { //do assembly internal something } i don't know why macromedia do this, all the public remoting method and clases must be restricted with some .net Attribute something like this, example: public void myRemoteMethod() { //do assembly internal something } but "Macromedia.Flash.Remoting.RemoteMethod" doesn't exists. Just is my idea... i'm trying to use flash remoting for .net with iis 5.0 but i get the following error only when i'm trying to run the page at my web server (at my local server everything works fine) "Error","5/8/2005 8:16:22 PM","No Such Service service name with function function name"," at FlashGateway.Delegates.ServiceCommander.InvokeAdapter(ActionContext flashContext) at FlashGateway.Delegates.ServiceFilter.preInvoke(ActionContext flashContext)"; i'm trying almost everything to solve this problem but i can't. can anybody help me please? Can you show your actionscript code, probably you have it not correct Worldclass V.C. is looking for a flash developer to build a new video chat site using Flashcom server. Must be good with Flash Action script , FlashCom Server , Cold Fusion Or AMFPHP for remoting and MySQL $12,000 to complete the project. Contact me interested Worldclassvideo@aol.com |
Reply to this Message |
 Sign In
 Join
 My Latest Posts My Monitored Threads My Blog My Photo Gallery My Profile My Homepage Start New Thread Enable EMail Alerts Rate this Thread
|
©2009 Advenet LLC Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.