Question re: auth-n

I was hoping to use RemoteObject to access AMF services.

...but a note here:

http://pyamf.org/wiki/AuthenticationHowto

...says "RemoteObject is not supported yet, so requests can be made to
your services without having the authenticator called."

Does this mean PyAMF is not secure?  I want to deploy services that
require authentication.


Looking at the other sample, I see something called "WSGIGateway" is
used.  Should I used that instead of  DjangoGateway ?

Then I see a sample using Flex's RemoteObject, but with authentication:
http://pyamf.org/browser/examples/trunk/authentication/flash/flex/remoteobject/src/authentication.mxml 

I thought this didn't work?

The other sample uses flash code :

import flash.net.NetConnection;
import flash.net.Responder;

rather then MXML RemoteObject.  I'd prefer to use the Flex approach,
if possible.


Can anyone provide clarifications on these issues?

Thanks a lot,

Chris W.
_______________________________________________
PyAMF users mailing list - users@...
http://lists.pyamf.org/mailman/listinfo/users

On 27 Apr 2009, at 02:44, Chris Wolf wrote:

Check http://lists.pyamf.org/archives/users/2009-April/001433.html for  
background information about this issue.

PyAMF is meant to be a python library that provides AMF en/decoding  
support. The remoting and gateway modules are useful add-ons and allow  
PyAMF to integrate nicely with web based frameworks (WSGI, Django,  
Twisted, etc.).

Since PyAMF doesn't have the support structure to support  
authorisation in RemoteObject, the generally accepted way is to roll  
your own - or integrate with the web framework that you are using. It  
appears that you are using Django so I would check a very good  
tutorial written by Joel Hooks - http://joelhooks.com/2008/09/21/django-authorization-from-flex-air-actionscript-via-pyamf/

All this is made possible because the Flash player supports HTTP  
session cookies in remoting requests (RemoteObject or otherwise).

> Looking at the other sample, I see something called "WSGIGateway" is
> used.  Should I used that instead of  DjangoGateway ?

The various gateway implementations allow a smooth integration of  
PyAMF with WSGI, Twisted, Django, Pylons, etc. So if you are using  
Django - you can use WSGI (as Django supports that) but DjangoGateway  
provides the best integration.

> Then I see a sample using Flex's RemoteObject, but with  
> authentication:
> http://pyamf.org/browser/examples/trunk/authentication/flash/flex/remoteobject/src/authentication.mxml
>
> I thought this didn't work?

If you run the example you will find the 'onFault' handler is fired  
(with a error saying PyAMF doesn't support auth in RO)

I hope that clears things up!

>
>
> Thanks a lot,
>
> Chris W.
> _______________________________________________
> PyAMF users mailing list - users@...
> http://lists.pyamf.org/mailman/listinfo/users

_______________________________________________
PyAMF users mailing list - users@...
http://lists.pyamf.org/mailman/listinfo/users

The new 0.3 version of AmFast (http://code.google.com/p/amfast/) allows you to use PyAmf's encoder/decoder together with AmFast's remoting framework to enable easily configurable RemoteObject style authentication.