Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
I need to transfer data from a flash application running in a browser to a server running php. If I use an https connection will that be enough to ensure that the data sent from flash to the server is encrypted and sensitive data can’t be sniffed, or do I need to do encryption in my flash application itself?
Yes, using the HTTPS protocol will encrypt data between the users’ computer and your server.
If you are only worried about the transport of your data, and you can assume that the attacker does not have access to the private keys used to encrypt the SSL request, then you are fine using HTTPS.
Home-brewed encryption could provide an additional layer of protection. Even if an attacker does manage to get your SSL certificates, they would also have to crack your home-brewed encryption to understand the data.
If HTTPS is unavailable, home-brewed encryption can still get you some level of security. The downside is that any attacker can decompile your SWF and analyze your encryption algorithm to potentially build a decryption tool.