I have just found that there is a big security issue: it is possible to invoke any public method in any assembly in BIN if I use remoting... Is there any way to not allow access to a method in an assembly, but only to an aspx page? How can I protect the other objects in my assemblies from the possibility of being called from Flash?
So there seems to be no way to restrict access from Flash to other assemblies in the BIN folder? Like, there is no way to have a list of assemblies I do not want to authorise for access from Flash?
If you have flashgateway.dll in your BIN folder, ANYONE can call any method from any other assembly in that same BIN folder if he knows the path to that file, for example MyCompany.MyProject.MyClass.

Of course we have several restrictions, like:
- You cannot call a static method
- You cannot call a class that has a constructor that accepts arguments
- You cannot pass to a method an object other than a primitive (like string or float) and ASObject

But you can pass any object as NULL.

Though we have those restrictions, we still have many methods that can be called successfully from any Flash client in order to steal information or harm the system in any different way. I am working on that now, but any ideas will be highly appreciated.
I'm trying to use Flash Remoting for .NET with IIS 5.0, but I get the following error only when I'm trying to run the page on my web server (on my local server everything works fine):

"Error","5/8/2005 8:16:22 PM","No Such Service service name with function function name"," at FlashGateway.Delegates.ServiceCommander.InvokeAdapter(ActionContext flashContext) at FlashGateway.Delegates.ServiceFilter.preInvoke(ActionContext flashContext)";

I'm trying almost everything to solve this problem but I can't. Can anybody help me please?

From http://www.developmentnow.com/g/72_2005_5_0_0_515904/Flash-Remoting---Access-to--NET-Assembly---Security.htm
That's true, it is a huge risk, but I do the following: mark all my private classes or methods with the "internal" access modifier (only in C#). Take a look:

    internal void myPrivateAssemblyMethod()
    {
        // do assembly internal something
    }

I don't know why Macromedia does this. All the public remoting methods and classes must be restricted with some .NET attribute, something like this, for example:

    [Macromedia.Flash.Remoting.RemoteMethod]   // proposed attribute; it does not exist
    public void myRemoteMethod()
    {
        // do assembly internal something
    }

but "Macromedia.Flash.Remoting.RemoteMethod" doesn't exist. It's just my idea...
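The opt-in idea from the post above, combined with the per-service list asked about earlier in the thread, as an added example that is not part of the thread and not Macromedia's API. `RemoteMethodAttribute`, `RemoteDispatcher` and `OrderService` are hypothetical names defined here, and the sketch assumes remote calls are routed through a facade you own; the thread does not say flashgateway.dll offers such a hook.

```csharp
using System;
using System.Collections.Generic;
using System.Reflection;

// Hypothetical opt-in marker defined here; Flash Remoting ships no such attribute.
[AttributeUsage(AttributeTargets.Method)]
public sealed class RemoteMethodAttribute : Attribute { }

public class OrderService                 // constructed sample service
{
    [RemoteMethod]
    public string GetStatus(string orderId) { return "status of " + orderId; }

    public void PurgeOrders() { }         // public, but never opted in
}

public static class RemoteDispatcher
{
    // Explicit allowlist: only these service names resolve to a type at all.
    static readonly Dictionary<string, Type> Services =
        new Dictionary<string, Type>(StringComparer.Ordinal)
        {
            { "MyCompany.MyProject.OrderService", typeof(OrderService) }
        };

    public static object Invoke(string service, string method, params object[] args)
    {
        Type type;
        if (!Services.TryGetValue(service, out type))
            throw new UnauthorizedAccessException("Service not exposed: " + service);

        // Only public instance methods declared on the service itself are considered.
        MethodInfo mi = type.GetMethod(method,
            BindingFlags.Public | BindingFlags.Instance | BindingFlags.DeclaredOnly);
        if (mi == null || !mi.IsDefined(typeof(RemoteMethodAttribute), false))
            throw new UnauthorizedAccessException("Method not exposed: " + method);

        return mi.Invoke(Activator.CreateInstance(type), args);
    }

    public static void Main()
    {
        Console.WriteLine(Invoke("MyCompany.MyProject.OrderService", "GetStatus", "42"));
        try { Invoke("MyCompany.MyProject.OrderService", "PurgeOrders"); }
        catch (UnauthorizedAccessException e) { Console.WriteLine("denied: " + e.Message); }
        try { Invoke("MyCompany.MyProject.MyClass", "AnyMethod"); }
        catch (UnauthorizedAccessException e) { Console.WriteLine("denied: " + e.Message); }
    }
}
```

Both the unlisted class and the unmarked public method are refused before any instance is created, so exposure is decided by the list and the attribute rather than by what happens to be public in BIN.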