Security Of FLEX1.5 Application

As the blooming of the Internet, the security issue also come up to the surface, Hackers attack WEB site everyday all over the world. Today, more Systems connect into the Internet, and also became very complicated, so how to improve the WEB system security, avoid being attacked, is a popular topic.For the security of the old WEB develop technology, because most of them are based on script technology, so they are not extensible well. For example, when the requirement of the user changes, developers need to make changes on the current system, and this often bring security issues. But for the security of the old WEB develop technology, it has been well researched, like how to avoid SQL injection in ASP and PHP, how to avoid WEB server attack. And also other technologies like SSL, Encryption technology, firewall greatly improve the WEB system security.The emergence of J2EE technology greatly improves the WEB app security and stability. J2EE divide the WEB systems as N tiers, such as representation tier, business tier etc. So different developers can focus on different tiers, and make the develop process clearly. When user changes the requirement, developer can make changes on one single tier; this change won't have obvious effect on other tiers. So this absolutely improves the system security.After J2EE, RIA technologies become quite popular, RIA combines the rich experience of desktop application and the easy deployment of the WEB application, brings users rich experience. RIA technology also has some defects, like they are usually downloaded into client's browser, and the size is big, so the initial speed may be slow, but as the speed for Internet transfer is greatly improved, so the size of RIA client won't be a problem in the future. Another is that the developers who master RIA technology are not large, so it needs time to make it popular. For main RIA technology, currently it includes AJAX which supported by Google, FLEX supported by Macromedia and Open Laszlo.FLEX technology is not quite popular in China, and also the documentations for FLEX are quite fewer, and also not many research fruits on Security side, and for the FLEX security, they usually research it from two perspectives, one is from J2EE, and the other is from Flash, and usually focus more on Flash.This paper mainly focuss on the security of FLEX1.5, investigates the its implementation, and disscusses why we say FLEX1.5 is based on J2EE and Flash technology, and then disscusses its security from both J2EE and Flash. Last chapters introduce the practices in a FLEX project.Because FLEX1.5 is a totally new technology, there are not many senior develpers, and also fewer documents, especially on security. So by doing this investigation, it is supposed to make contributions to the relative scope, and also can help the development process in the future projects.