No-database Flash-PHP chat. Part II Security and Usability features

Objectives

In the first article of the series we have built some basic functionality for our “No-database” Flash-PHP Chat application. Once the concept has been proven, application security becomes developers’ top priority.

Although the topic is broad and complex, in this case it does not involve much coding. Meanwhile it will require a fair amount of instructions and explanations, mostly because it’s it closely related to another important element – application usability.
To make sure we cover all the aspects the iterations #2 and #3 have both been entirely dedicated to this subject.

In this article you will learn about the following:

• Server directory Security.
  We will talk about simple measures designed to prevent hackers from uploading, accessing and executing scripts on the server. You will find out how with the aid of PHP Flash can load the content of a file which is not accessible from the web.
  
  
• Application Security.
  We will start talking about user level security, things like preventing simultaneous multiple log-ins by the same users, maintaining the list of active chat users and tracking log-ins.
  
  

In the next article we will continue working on the user-level security and will concentrate on the Logout procedure:

• Tracking  log-outs as well as making sure the application is notified by the server when a user logs-out by closing the browser window. Dramatically titled section “The last wish of Flash” will describe a method allowing to notify the web server when the browser window is being closed.
  
  
• Enforcing log-out if a participant is utilizing more then one browser window for that same chat session.
  
  
• We will add the interface element which will not only display the list of chat participants but will also, if desired, allow for additional functionality such as private messaging.