[thelist] Preventing direct access while allowing PHP script access
Ricky Zhou
ricky.zhou at gmail.com
Tue Mar 28 05:36:13 CST 2006
> But if there is need to disable all direct requests to the swf, then
> this would not suffice. On the page there is something like:
> <embed src="/print/me/swf-file.php">
> When the browsers encounters this, it makes an HTTP request for
> /print/me/swf-file.php. But it is also possible to make same request
> directly, i.e. typing the URL in the address bar - this would give the
> swf, and it doesn't make it any different, that it's been printed
> through PHP. What PHP must do is tell direct requests apart from the
> requests initiated by the src attribute of <embed>.
Actually, as that PHP script would check user permissions, only those
that are allowed will be able to view the flash (are you saying that
even paying customers shouldn't be able to view it directly? If this
is the case, then I'm pretty sure that there is no "clean" secure
way-- you'll probably be stuck with repeatedly changing filenames or
something)
Ricky
More information about the thelist
mailing list