Re: [xmlrpcflash-development] Re: [xmlrpcflash - Open Discussion] secure functionality with Flash xm
From: Isaac L. <is...@st...> - 2002-11-28 00:22:12
Hi Danny,

On Wednesday, November 27, 2002, at 06:22 AM, Danny Angus wrote:

>>> The URL RFC defines a URL as
>>> protocol://user:pas...@su...p-leveldomain/path
>>>
>>> However the HTTP sub-spec of this RFC removes the username:password
>>> from the spec for HTTP.
>
>> I was testing it in a browser earlier. argh...
>> I haven't tested it yet, but I'm assuming that seeing as there is no
>> way to insert username/pass for basic http auth, that flash doesn't
>> automatically put them there in the same way which browsers circumvent
>> the HTTP RFC URL sub-spec change.
>
> But if flash is somehow using the browser to make the http requests
> (which may explain why you can't manipulate headers) it may pass the
> user:pass up to the browser, which *does* know how to use it. (fingers
> x'ed)

OK, this needs to be tested more asap.
I've just done it from straight outta flash right now...
a standalone swf, in the flash player, does pass the proper credentials to the server in the following form:

http://username:pas...@se...:80

this using Flash's .sendAndLoad mechanism.

HOWEVER, when I placed the file up on the server to test it from a browser, it did not seem to work- as it seems that the web browser was overriding the flash file's authentication call (header settings...)

Oy. This is unexpected.

>> Q- do you have any links to a good readable version of the http
>> sub-spec of the URL RFC?
>
> Try some of the other formats on this page http://www.w3.org/Protocols/

thx-

>> OK- back to square 1 here.
>> Danny, do you have any suggestions re. how else everyone can proceed
>> here, strategies etc...?
>
> Not really, I don't know enough about flash to see how it's preparing
> the http request.
> Some insight into SendAndLoad() might help, but not necessarily.

We all need to investigate the way Flash handles SendAndLoad in greater detail.
My little experiment (above) with http auth just showed me that Flash behaved the very opposite of how I expected it to, and there must be reasons for it.

As for me (and my colleague Chad), it's well over the end of our day here, and the US Thanksgiving holiday weekend is upon us- (not sure, but I'm assuming yall' don't celebrate it across the Atlantic...)

With that, we'll all be fairly un-reachable until this coming Monday. At that point, if you guys so desire, I can set up a testing area on one of our servers we all can share- just for uploading and testing against dummy auth accounts.

> A little, but I'm really more interested in email
> (http://jakarta.apache.org/james)

mmm... This is very cool- makes me wish I didn't need to sleep...<g>

Best,
Isaac

Isaac Levy
+ Office of Structured Systems
http://structuredsystems.net