11.19. Transmitting Data Securely
You want to transmit data, such as credit card numbers, securely.
Use HTTPS to send the data over a secure channel or, if that is not possible, use a third-party encryption library for one-way data encryption.
Flash can use the same protocols for data transmission—HTTP or HTTPS—as HTML pages. A great many servers are set up to accept communication over the insecure HTTP protocol only. Transmitting unencrypted data over HTTP is not secure and should be used only when the data is not sensitive. For example, if you are sending survey responses to the server, you might not care if that information can be seen by others. But insecure transmission compromises credit card numbers and other sensitive financial or personal information. Although a complete discussion of security is beyond the scope of this book, there are many good resources on security.
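The following is an added example, not code from the book: a send wrapper in ActionScript 1.0 style that refuses to transmit sensitive fields unless the request will travel over HTTPS. It also covers a relative URL, which inherits the scheme of the movie's own URL. The function names, the sample field values, and the example.com URL are assumptions made for illustration.

```actionscript
// Added example; effectiveScheme() and sendSensitive() are hypothetical names.

// Returns the scheme ("http", "https", "file", ...) a request to targetUrl
// will use. A relative URL has no scheme of its own, so it inherits the
// scheme of the movie issuing the request (movieUrl, normally _root._url).
function effectiveScheme(targetUrl, movieUrl) {
  var colon = targetUrl.indexOf(":");
  var slash = targetUrl.indexOf("/");
  // Absolute URL: a colon appears before the first slash ("https://...").
  // Anything ambiguous yields a non-"https" value, so the caller fails closed.
  if (colon > 0 && (slash == -1 || colon < slash)) {
    return targetUrl.substring(0, colon).toLowerCase();
  }
  return movieUrl.substring(0, movieUrl.indexOf(":")).toLowerCase();
}

// Sends the fields in data to targetUrl with LoadVars.sendAndLoad(), but only
// when the request will go over HTTPS. Returns false and sends nothing
// otherwise. onResult(success) is called once the server has replied.
function sendSensitive(targetUrl, data, onResult) {
  if (effectiveScheme(targetUrl, _root._url) != "https") {
    trace("Refusing to send sensitive data over a non-HTTPS channel: " + targetUrl);
    return false;
  }
  var request = new LoadVars();
  for (var field in data) {
    request[field] = data[field];
  }
  var response = new LoadVars();
  response.onLoad = function (success) {
    onResult(success);
  };
  // POST keeps the sensitive fields out of the request URL.
  request.sendAndLoad(targetUrl, response, "POST");
  return true;
}

// Constructed sample data and a placeholder URL.
var card = {cardNumber: "4111111111111111", expires: "12/09"};
sendSensitive("https://www.example.com/checkout.cgi", card, function (ok) {
  trace(ok ? "Order submitted" : "Submission failed");
});
```

Because the relative-URL case is checked against `_root._url`, a movie that was itself served over plain HTTP or opened from a local file will refuse to send.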
If you are not using an off-the-shelf solution, such as SSL, there are many non-obvious pitfalls that can leave your data vulnerable. Leave the protocol design to the experts or consult a book that addresses secure cryptographic protocol design: Secure Programming Cookbook for C and C++ by Viega and Messier (O’Reilly) or Practical Cryptography (not Applied Cryptography) by Schneier and Ferguson (Wiley).
Be aware that various encryption algorithms deemed secure today may be considered insecure in the near future due to advances in cryptanalysis and computer processor performance ...