Remote Synthesis
Jun 21, 2008

CFUnited RIA Security Presentation

Thanks to everyone who attended my CFUnited presentation. I had a good turnout and I think it went pretty well. I am hoping that next year I can do a topic of my own choosing! :) Anyway, below is the presentation for those who want it. You can get the sample code out of Subversion at code.google.com/p/remotesynthesis.

On a side note, as you can see, the PDF conversion in Acrobat.com isn't 100% yet (though it's not bad), but you can pull the menu dropdown and select "download or share" to pull the actual PowerPoint file.

Comments
radekg
Good presentation, but I have just one question. Slide 17, point C. What is the point of encrypting the password and comparing it with the encrypted version? If I can listen to your network traffic, it does not matter if I sniff your real password or the encrypted one. If you use auth based on comparing encrypted passwords and I sniff it, I will just send the encrypted version and get authentication. No difference.


elemter info
Thanks for the presentation. What are you planning for next year's subject?


Brian Rinaldi
@radek - I was trying to show the cryptography for AS3. It isn't specifically to protect against people sniffing your HTTP traffic; you solve this by using SSL. Nonetheless, your users' passwords should generally be protected through one-way encryption to prevent them being read and thereby allowing unauthorized account access. I was just showing how to do the encryption on the AS3 side since it's a simple process.

No thoughts yet on next year's session...too soon to think of that.
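
The exchange above between radekg and Brian Rinaldi, as an added Python example that is not part of the original post or the presentation's sample code: scheme A compares a client-computed digest, so the digest itself is the credential, while scheme B hashes on the server behind SSL/TLS, so the stored value cannot be submitted to log in. The class names, the account and the password are constructed for illustration, and SHA-256 and PBKDF2 are assumed choices, not what slide 17 used.

```python
import hashlib
import hmac
import os

PASSWORD = "correct horse battery staple"  # constructed sample value

def wire_hash(password):
    """Scheme A client: hash the password and send the digest instead of it."""
    return hashlib.sha256(password.encode()).hexdigest()

class CompareHashServer:
    """Scheme A: store the client's digest and compare whatever arrives to it."""
    def __init__(self):
        self.db = {}
    def register(self, user, password):
        self.db[user] = wire_hash(password)
    def login(self, user, wire_value):
        return hmac.compare_digest(self.db.get(user, ""), wire_value)

class ServerSideHashServer:
    """Scheme B: password arrives inside TLS; only a salted PBKDF2 hash is stored."""
    def __init__(self):
        self.db = {}
    def _derive(self, password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    def register(self, user, password):
        salt = os.urandom(16)
        self.db[user] = (salt, self._derive(password, salt))
    def login(self, user, password):
        if user not in self.db:
            return False
        salt, stored = self.db[user]
        return hmac.compare_digest(stored, self._derive(password, salt))

def observed_digest_logs_in():
    """Scheme A: a digest seen on the wire or read from the table is the credential."""
    server = CompareHashServer()
    server.register("alice", PASSWORD)
    return server.login("alice", server.db["alice"])

def stored_hash_logs_in():
    """Scheme B: submitting the stored hash as the password must be rejected."""
    server = ServerSideHashServer()
    server.register("alice", PASSWORD)
    _, stored = server.db["alice"]
    return server.login("alice", stored.hex())

if __name__ == "__main__":
    print("A:", observed_digest_logs_in(), "B:", stored_hash_logs_in())
```

Scheme B protects the stored record only; the password in transit still depends on the SSL/TLS connection Brian mentions.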


szitakalman
Thanks for the presentation!


Chris Diller
This is extremely helpful. Thanks for posting the slides!

