On 3/27/06, Nan Harbison <nanharbison at earthlink.net> wrote: > I have handled this kind of situation, although usually for password > protection for privacy. I create a session once someone has logged in, and > on the swf page, the swf is an include statement IF the password has been > entered, the user gets the content of the page, otherwise they get a message > that they have to log in to see the page, or in your case, to pay. Thank you Nan. I will certainly have some kind of password protection in place (once this gets up and running, that is!) - but my main worry is when they bypass the "swf page" completely and type in the URL of the SWF straight. It's exactly the same situation as typing in the URL of an image compared to the URL of the page that calls the image. eg, http://www.domain.com/goose.gif - vs - http://www.domain.com/page_with_goose.php If the user types in the second URL, you could definitely do a login check. But typing in the first URL offers no such obvious protection, from what I can tell. Cheers! On 3/27/06, Info at internetvraagbaak.nl <info at internetvraagbaak.nl> wrote: > Hi > > Sorry i cannot point you to exact information on this but when you want to > go a step further then hotlicking > you should talk to a system administrator. they should be able to set > permission ( not as easy as chmodding ;-) ) in a way that > cannot accept the swf directly. > > Jeroen Thank you Jeroen. If no one on thelist has blinding flashes of brilliance on this subject, I'm afraid I will have to! I have a deathly fear of sys admins :-) Cheers!