Flash CS3 Documentation

ActionScript 2.0 Components Language Reference > Web service classes > WebService security

WebService security

The methods and callbacks of the WebService class conform to the Flash Player security model. For more information on the Flash Player security model, see Understanding Security in Learning ActionScript 2.0 in Adobe Flash.

User authentication and authorization The authentication and authorization rules are the same for the WebService API as they are for any XML network operation from Flash. SOAP itself does not specify any means of authentication and authorization. For example, when the underlying HTTP transport returns an HTTP BASIC response in the HTTP headers, the browser responds by presenting a dialog box and subsequently attaching the user's input to the HTTP headers in subsequent messages. This mechanism exists at a level lower than SOAP and is part of the Flash HTTP authentication design.

Message integrity Message-level security involves the encryption of the SOAP messages themselves, at a conceptual layer above the network packets on which the SOAP messages are delivered.

Transport security The underlying network transport for Flash Player SOAP web services is always HTTP POST. Therefore, any means of security that can be applied at the Flash HTTP transport layer--such as SSL--is supported through web services invocations from Flash. SSL/HTTPS provides the most common form of transport security for SOAP messaging, and use of HTTP BASIC authentication, coupled with SSL at the transport layer, is the most common form of security for websites today.

Flash CS3