PHP for Flash Security

[simon311]

I am attempting, or rather looking at the possibility of, building a web based application in Flash that caters only to specific users. I will be providing an ecomm solution to my end users. I was wandering about security. If I developed a flash front end, using PHP as the middleware, to the MySQL backend DB, would this pose a security threat to my DB? To solve this problem, I came up with a simple solution of passing a single var=value pair from Flash on a button action to trigger a boolean true ( OK TO RUN ) or false ( timeout infinite ). The problem with this solution is, I have found SWF decompilers that are readily available and hence negating my solution.... I worry about my data in my DB, obviously. If I were mischievous or worse, I could simply duplicate the SWF file and using the action script provided from the targets swf file. The implications here are obvious.What suggestions does anyone have on solving this problem? Constructive criticism is always welcome.Thanks in Advance,-Simon

[ci-berpages]

In theory this idea will work. Well my theory anyways. Write a php script that generates a onetime key to the database page. Run that script from flash and get the key. Then send that key to the script accessing the database. I would also set the script up where it can only beloaded from the page with the flash file on it, or it will generate an error. Just a thought.