AS3 -> PHP -> DB, how to make it secure?

I have to make connection to the DB and Insert a row based on the data that the SWF sent me...

I will need to make it so that the SWF->PHP part is s开发者_如何学Cecure by not letting users tamper with data.

I don't want to use SSL because its not a suitable solution... what other method is available?

The firefox plugin TamperData can manipulate any request sent by the browser regardless of https.

To make sure the message wasn't modified on the wire you can use an HMAC. The secret key K can be packaged with the flash application and a flash obfuscater can be used. However, this is security though obscurity and any hacker with an afternoon to kill will be able to fool this system. However this is the best that you can do.

1. Encode data in client with private key.
2. Send it to php server
3. Decode data in php and add it to database

OR Make all the possible and use HTTPS / SSL

You may have luck with AMFPHP. Quoted from the SourceForge page:

"AMF allows for binary serialization of Action Script (AS2, AS3) native types and objects to be sent to server side services."

While no method is foolproof, I tend to lean toward this - or making socket connections to a local socket server which then handles database interaction.

Send a salted hash of the serialized data you are sending. Then check that key on the server. This again whilst not foolproof will help stop 99% of your fraud.

Also make sure you encrypt your swf so the hash salt and salting method can not be exposed.