CFUnited RIA Security Presentation

Posted on Jun 21, 2008

Thanks to everyone who attended my CFUnited presentation. I had a good turnout and I think it went pretty well. I am hoping that next year I can do a topic of my own choosing! :) Anyway, below is the presentation for those who want it. You can get the sample code out of Subversion at code.google.com/p/remotesynthesis.

On a side note, as you can see the PDF conversion in Acrobat.com isn't 100% yet (though its not bad) but you can pull the menu dropdown and select "download or share" to pull the actual Powerpoint file.

Comments

radekg Good presentation but I have just one question. Slide 17, point C. What is the point of encrypting password and comparing it with encrypted version? If I can listen to your network traffic it does not matter if I sniff your real password or encrypted one. If you use auth based on comparing encrypted passwords and I sniff it I will just send encrypted version and get authentication. No difference.

Posted By radekg / Posted on 06/21/2008 at 4:16 PM


elemter info thanks for the presentation, what are you planning for next year subject?

Posted By elemter info / Posted on 06/22/2008 at 5:12 AM


Brian Rinaldi @radek - I was trying to show the cryptography for AS3. It isn't specifically to protect against people sniffing your HTTP traffic, you solve this by using SSL. Nonetheless, your users' passwords should generally be protected through one-way encryption to prevent them being read and thereby allowing unauthorized account access. I was just showing how to do the encryption on the AS3 side since its a simple process.

No thoughts yet on next year's session...too soon to think of that.

Posted By Brian Rinaldi / Posted on 06/22/2008 at 8:34 AM


szitakalman thanks for the presentation !

Posted By szitakalman / Posted on 06/24/2008 at 1:18 AM


Chris Diller This is extremely helpful. Thanks for posting the slides!

Posted By Chris Diller / Posted on 06/28/2008 at 11:26 AM


Write your comment



(it will not be displayed)





About

My name is Brian Rinaldi and I am the Web Community Manager for Flash Platform at Adobe. I am a regular blogger, speaker and author. I also founded RIA Unleashed conference in Boston. The views expressed on this site are my own & not those of my employer.