Flash Login Interface, how secure?
Posted on 2008-10-17
I've made an interface for a website that allows the owners of the site to update data on their website, access their mailing list & send mails to their subscribers, post news, etc.
The main timeline consists of 1 key frame that dynamically loads the Login mc.
The Login mc then checks the username and password through a php session script file that connects with the server's database where the login data is stored.
When the FlashVars receive a green light from the php script, the main menu gets loaded using loadMovie() and the other features get enabled.
My guess is this is fairly secure; anyway, it's not Fort Knox's website, right? (I sometimes even wonder about my own internet banking security, but that might be another question...)
I'm wondering however, the functionality of the entire interface lies in the ability to read, write and delete data in xml files that are stored on the server (not in the database). These php and xml files are actually 'in the open'....
So my question is, when calling these php scripts, should I again check if the login session is true? (and how exactly should I do this?)
Can the php files be tampered with, without even running the .swf? (I almost believe this is a rhetorical question...)
So... how do I secure the php files?
And last but not least, can the xml files get altered externally (without using the swf nor the php scripts?)
Thanks in advance!
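The per-script session check asked about above, as an added example that is not part of the original post. The file name save_news.php, the session key `logged_in`, the `status=` reply format and the XML path are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// save_news.php: hypothetical endpoint the SWF posts to in order to add a news item.
// Assumption: the login script calls session_start() and sets
// $_SESSION['logged_in'] = true only after the password check succeeds.

function deny(int $code, string $status): void
{
    http_response_code($code);
    exit('status=' . $status);   // URL-encoded reply the SWF can read (assumed format)
}

// 1. Every script repeats the check. The SWF hiding the menu protects nothing,
//    because this URL can be requested directly without the SWF.
session_start();
if (empty($_SESSION['logged_in'])) {
    deny(403, 'denied');
}
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    deny(405, 'bad_method');
}

// 2. Validate what arrives; the client is never trusted to have done it.
$title = $_POST['title'] ?? null;
$body  = $_POST['body'] ?? null;
if (!is_string($title) || !is_string($body)
    || trim($title) === '' || strlen($title) > 200 || strlen($body) > 10000) {
    deny(422, 'invalid');
}

// 3. Assumed location outside the web root, so the XML file has no URL of its
//    own and can only be changed through scripts that perform the check above.
$xmlPath = __DIR__ . '/../data/news.xml';

$doc = new DOMDocument('1.0', 'UTF-8');
if (!is_file($xmlPath) || !$doc->load($xmlPath) || $doc->documentElement === null) {
    deny(500, 'storage_error');
}

// Text nodes escape the input, so it is stored as data and not parsed as markup.
$item = $doc->createElement('item');
$item->appendChild($doc->createElement('title'))->appendChild($doc->createTextNode(trim($title)));
$item->appendChild($doc->createElement('body'))->appendChild($doc->createTextNode($body));
$doc->documentElement->appendChild($item);

// LOCK_EX keeps two simultaneous saves from interleaving their writes.
if (file_put_contents($xmlPath, $doc->saveXML(), LOCK_EX) === false) {
    deny(500, 'storage_error');
}
echo 'status=ok';
```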