security - Whats a valid strategy for a secure image upload from a flash client? -

-

i'm creating flash application post images url saving disk/display later. wondering suggested strategies making secure enough upload verified coming application , not random form post.

is reliable enough check referring location realizing don't need bulletproof security, or perhaps setting authentication headers better strategy though seems unreliable have read.

the application , server script reside on same domain , in java - there way check 'session' or that?

another thought had sort of simple hashed key type system, hard-code key flash application , pass server based on - server know key , able verify if value passed based on that?

thanks advice , examples - naive in area -b

the app public app, authenticating users not option. after more research thinking using hard coded salt key on both ends, sending md5 hash of base64 encoded image bytearray+salt matched on server side. thoughts on strategy?

your question can generalized 'how can sure image uploaded through (flash) application?'. answer is, can't. no matter do, determined person can reverse engineer application or watch http traffic, , use information create client (applet/silverlight/html form/standalone program) upload files server. @ best, can obscure make things difficult. that's not security.

instead, should asking 'how can sure image has been uploaded authorized person?'. 1 possible. user has authenticate on https, , upload file. read owasps guide session management more information on how solve problem.


Comments

Post a Comment

Popular posts from this blog

javascript - Enclosure Memory Copies -

-
function myclass() { //lots , lots of vars , code here. this.bar = function() { //do numerous enclosed myclass vars } this.foo = function() { alert('hello'); //don't enclosed variables. } } each instance of myclass gets own copy of bar , foo, why prototyped methods use less memory. however, know more memory use of inner methods. it seems obvious me (1) below must true. agree? not distinct myclass instances have own distinct copies of bar, must have own distinct copies of myclass enclosure. (or else how bar method keep myclass variables straight on per instance basis?) now (2) question i'm after. since inner foo method doesn't use in myclass enclosure natural qustion is: javascript smart enough not keep myclass enclosure in memory use of foo? this depend entirely on implementation not language. naive implementations keep far more around others. answer true e.g. v8 (chrome's js engine) may not true spider...
Read more

php - Replacing tags in braces, even nested tags, with regex -

-
example preg_replace('/\{[a-za-z.,\(\)0-9]+\}/', 'replaced', 'lorem ipsum dolor sit {tag1({tag2()})}, consectetur adipiscing elit.'); the result: lorem ipsum dolor sit {tag1(replaced)}, consectetur adipiscing elit. question as can see "tag2" has been replaced, want replace "tag1" know how can this? (in cases might this: {tag1({tag2({tag3()})})}) , on.) btw using preg_replace_callback, easier show preg_replace here site can test code: http://www.spaweditor.com/scripts/regex/index.php you need add curly braces character set. here's pattern used: /\{[a-za-z.,\(\)\{\}0-9]+\}/ and here result: "lorem ipsum dolor sit replaced, consectetur adipiscing elit."
Read more