Well I need this specifically to prevent man-in-the-middle attacks. I'm
But how are you talking to it then, after you checked it's the right one
in particular? Normally you wouldn't manage the connection in JavaScript
but use, say, XMLHttpRequest to transfer resources, and between checking
for the right server, and dispatch of the new request the connection may
have been "re"-established with the wrong server.
Thats not how Flex http works AFAIK. It establishes connection upon launch
and keeps it open. All http connectivity is managed by the browser as app
runs inside Flash player. As a result I dont have access to connectivity
functions directly, but I can run any JS code by calling proper browser
interface method. So, my idea was to run some JS code that would return SSL
certificate fingerprint which my app will compare against known fingerprint.
FWIW I can do the check on every service call, it's no big deal since all
service calls are centralized in single class.
Peter