I'm currently trying to communicate with a mySQL database with ActionScript3 using the URLRequest and URLLoader objects like so:
loader = new URLLoader();
loader.dataFormat = URLLoaderDataFormat.VARIABLES;
loader.addEventListener(Event.COMPLETE, varsLoaded);
loader.addEventListener(IOErrorEvent.IO_ERROR, errGet);
loader.load(new URLRequest("php/comm.php?var1="+var1+"&var2="+var2);
Everything handled in the PHP is, as far as I can tell, secure and safe from would-be hackers and whatnot. MySQL injection problems are accounted for, private data is encrypted there, etc. Likewise, as far as I know, the PHP code is secure. Nobody is going to be able to access the actual source code of the PHP file. The swf file, however, is not so secure. I know there are countless ways to decompile them. With that, someone can easily find the above code and know that they can just go to comm.php in their browser and do whatever they like. In the context of the game this code is going into, that would mean that users could manually change their scores and whatnot.
Is there any way to improve the security of this transaction? I've tried running checks in the PHP code to ensure that the URLRequest is coming from the flash file and not a browser, but $_SERVER['HTTP_REFERER'] didn't seem to return anything.
Since the flash file and the php file are both stored on the same server, I was thinking there might be some sort of way to check if the connection is coming from the same IP address, but I wasn't sure how to go about doing that. I also considered that there might be some way to change .htaccess to block all access to the php/ directory, but I wasn't sure how to add an exception for the flash file.
Any help would be greatly appreciated!
you can use RSA ....
Action Script
PHP
http://php.net/manual/en/function.openssl-public-encrypt.php
I hope it helps