I'm a newbie to Flex and am struggling to wrap my arms around security in general, but most of all am trying to understand any limitations I may be facing...
I would like to deploy a Flex application to our corporate DMZ, and would like that application to interact with web services that are protected behind our firewall (can't be accessed from the net, directly). I am familiar with the crossdomain.xml file required to talk across domains, within Flex, but am not sure if this will enable communication inside the firewall???
I'm assuming that there is a way to do this, as Flex applications can talk to a database, which I assume are mostly behind corporate firewalls. I'm working with our network folks now to try and get a proof-of-concept deployed to our DMZ, but thought I would reach out to the experts!
Is what I'm trying to do pretty straight-forward? Are there best practices for accomplishing what I'm trying to achieve?
I also have to prepare a justification for deploying Flex in our current environment, and have to speak to how a Flex deployment won't enable a hacker to access systems/data behind our firewall, once the application is deployed and talking to web services inside our network. Any information that can be shared to put our security folks at ease would be greatly appreciated!
Thanks in advance for any information!