REST Security

Last post 09-19-2007 2:20 AM by BarryR. 1 replies.
  • 09-15-2007 12:27 AM

    REST Security

    Hi,

    I was just looking into using your services as a file store for media files which I intend to load from a Flash/Flex application, but I am a little concerned about using the REST model from a client application, as a user who knew what they were doing could view my applicationid, username and password using freely available HTTP analysis tools such as Fiddler.

    So, should I call my .NET server from the Flash file, get my server to authenticate with your server and return the session id to the Flash file, which then uses it to retrieve the file from yourselves, or is there another way?

    Thanks

    Richard

  • 09-19-2007 2:20 AM In reply to

    • BarryR
    • Top 10 Contributor
    • Joined on 07-20-2007
    • San Diego
    • Posts 612

    Re: REST Security

    I sent a private message detailing the different ways of handling this with much more information, but just for those perusing, the general idea is to proxy the Flash calls through your server because the session token is associated with an IP address. This means a bit more work but puts the onus of client security on you. We do this to prevent someone snooping a session token and using it with another IP address.

    In the future we will have a proxyLogin that will take in the client's IP address so a login can be performed on behalf of another IP address instead of the calling server.

     
    Regards,
        Barry R.
     

    IM Support (Feel free to add me)

    MSN: barryruffner@msn.com
    Gmail: barryruffner@gmail.com
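
The proxy arrangement described in the reply above, as an added example that is not part of the original thread or the service's own code. The thread does not show the service's API, so `FakeStore`, `MediaProxy`, the file-name pattern and every value here are constructed assumptions.

```python
import hmac, re, secrets

SERVER_IP = "203.0.113.10"   # constructed: address of the proxying server
SAFE_NAME = re.compile(r"[A-Za-z0-9_-]{1,64}\.(flv|mp3|jpg)")  # assumed naming scheme

class FakeStore:
    """Constructed stand-in for the storage service: a token is bound to the login IP."""
    def __init__(self, files):
        self.files, self.tokens = files, {}
    def login(self, app_id, user, password, caller_ip):
        if not hmac.compare_digest(password, "s3rver-side-only"):
            raise PermissionError("bad credentials")
        token = secrets.token_hex(16)
        self.tokens[token] = caller_ip
        return token
    def get(self, token, caller_ip, name):
        if self.tokens.get(token) != caller_ip:
            raise PermissionError("token not valid for this IP")
        return self.files[name]

class MediaProxy:
    """Keeps the service credentials and session token on the server.
    The Flash client authenticates to this application and receives file bytes only."""
    def __init__(self, store, app_id, user, password, app_sessions):
        self.store, self.creds = store, (app_id, user, password)
        self.app_sessions = app_sessions   # this application's own logged-in users
        self.token = None
    def serve(self, app_session, name):
        if app_session not in self.app_sessions:
            raise PermissionError("not logged in to the application")
        if not SAFE_NAME.fullmatch(name):  # no path separators or arbitrary names
            raise ValueError("rejected file name")
        if self.token is None:
            self.token = self.store.login(*self.creds, SERVER_IP)
        try:
            return self.store.get(self.token, SERVER_IP, name)
        except PermissionError:            # token expired or revoked: log in once more
            self.token = self.store.login(*self.creds, SERVER_IP)
            return self.store.get(self.token, SERVER_IP, name)
```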