[thelist] Preventing direct access while allowing PHP script access
Robert Gormley
robert at pennyonthesidewalk.com
Mon Mar 27 07:51:53 CST 2006
The simple answer - to my mind - would be, assuming Apache, to use a
.htaccess. Disallow web requests for the file. Allow, however,
filesystem access, and use the SWF functions to generate a swf using the
?filename= as a parameter. A la where you see "<img
src="script/stats.php">, along those lines. Then you can wrap even
further access control into the PHP.
Or, if using LightTPD, look into mod_secdownload which changes a URL
every 30 seconds via MD5 hash, quite cleanly and elegantly.
Rob
minty freshness wrote:
> Now, I want my PHP script, eg, something like
> "http://www.domain.com/swf_me_up.php?filename=someswf" to be able to
> access these, obviously. However, I want to prevent people from simply
> typing in something like "http://www.domain.com/swf/someswf.swf" and
> accessing it directly (mainly because I want to extract money from
> them first, *rubs mercenarious hands*).
>
More information about the thelist
mailing list