[thelist] Preventing direct access while allowing PHP script access

minty freshness list.terrine at gmail.com
Mon Mar 27 06:16:08 CST 2006

On 3/27/06, Nan Harbison <nanharbison at earthlink.net> wrote:
> I have handled this kind of situation, although usually for password
> protection for privacy. I create a session once someone has logged in, and
> on the swf page, the swf is an include statement IF the password has been
> entered, the user gets the content of the page, otherwise they get a message
> that they have to log in to see the page, or in your case, to pay.

Thank you Nan. I will certainly have some kind of password protection
in place (once this gets up and running, that is!) - but my main worry
is when they bypass the "swf page" completely and type in the URL of
the SWF straight. It's exactly the same situation as typing in the URL
of an image compared to the URL of the page that calls the image. eg,

- vs -

If the user types in the second URL, you could definitely do a login
check. But typing in the first URL offers no such obvious protection,
from what I can tell.


On 3/27/06, Info at internetvraagbaak.nl <info at internetvraagbaak.nl> wrote:
> Hi
> Sorry i cannot point you to exact information on this but when you want to
> go a step further then hotlicking
> you should talk to a system administrator. they should be able to set
> permission ( not as easy as chmodding ;-) ) in a way that
> cannot accept the swf directly.
> Jeroen

Thank you Jeroen. If no one on thelist has blinding flashes of
brilliance on this subject, I'm afraid I will have to! I have a
deathly fear of sys admins :-)


More information about the thelist mailing list