VMware {code} Community
CathyBr
Enthusiast
Enthusiast
‎06-21-2013 12:07 AM
Jump to solution

Security issues in the connection between the flex client and property provider

Hi,

I probably should know this, but the customer is worried about a security issue.  I don't think

that it is a problem, but its better to ask and be sure.

In my flex client, I have a dialog where a user can enter a password.  I then take the password

and send it to my property provider.  This password is normal text, I do nothing to encode it before sending

it over.  Is this ok? I think that the connection is secure, but please confirm this, or should I encode it before sending?

Thanks for the info

Cathy

0 Kudos
1 Solution

Accepted Solutions
laurentsd
VMware Employee
VMware Employee
‎06-21-2013 12:23 AM
Jump to solution

Yes, the Data Manager API uses the secure AMF channel.  Likewise if your plugin is calling a custom java service you should use "/.../messagebroker/amfsecure" for the proxy channel URI as shown in the SDK samples.

View solution in original post

0 Kudos
3 Replies
laurentsd
VMware Employee
VMware Employee
‎06-21-2013 12:23 AM
Jump to solution

Yes, the Data Manager API uses the secure AMF channel.  Likewise if your plugin is calling a custom java service you should use "/.../messagebroker/amfsecure" for the proxy channel URI as shown in the SDK samples.

0 Kudos
CathyBr
Enthusiast
Enthusiast
‎06-21-2013 12:30 AM
Jump to solution

Many thanks Laurent,

I thought so, but was just checking.  No I send the password to the vCenter, using HostSystem.updateIPMI(), so that goes over a soap connection, and must be ok as well.  Am I right?

Cathy

0 Kudos
laurentsd
VMware Employee
VMware Employee
‎06-21-2013 11:38 AM
Jump to solution

I can't say since I don't know your setup.  You are responsible for ensuring the security of your communications between your java component running on the Web Client server and any back-end.

0 Kudos