Hi all!
I'm using some PHP-Scripts via HTTPService in my AIR-Application.
At the moment the AIR-App sends - like a browser - information about user agent and referer, like:
"app:/MyApp.swf" "Mozilla/5.0 (Windows; U; de-DE) AppleWebKit/523+ (KHTML, like Gecko) AdobeAIR/1.1"
I'm planning to use these values in my PHP-Script to restrict the access to some scripts only to calls from AIR.
How reliable are these information? Is it possible to deactivate or change these values on the client side?
For example, in some browser you can deactivate the option to send a referer - is this possible in Air too?
Sure, the other way round isn't very safe: a browser can imitate the referer and user agent and my script then thinks the client is an Air app. But it's a bit more security.
Thanks a lot.
Regards!
I'm using some PHP-Scripts via HTTPService in my AIR-Application.
At the moment the AIR-App sends - like a browser - information about user agent and referer, like:
"app:/MyApp.swf" "Mozilla/5.0 (Windows; U; de-DE) AppleWebKit/523+ (KHTML, like Gecko) AdobeAIR/1.1"
I'm planning to use these values in my PHP-Script to restrict the access to some scripts only to calls from AIR.
How reliable are these information? Is it possible to deactivate or change these values on the client side?
For example, in some browser you can deactivate the option to send a referer - is this possible in Air too?
Sure, the other way round isn't very safe: a browser can imitate the referer and user agent and my script then thinks the client is an Air app. But it's a bit more security.
Thanks a lot.
Regards!