[thelist] Preventing direct access while allowing PHP scriptaccess
Nan Harbison
nanharbison at earthlink.net
Mon Mar 27 07:05:18 CST 2006
oh, sorry, I didn't see what you meant.
Can't you do a mod rewrite so that if someone types in the image directly,
it takes them to a different place?
-----Original Message-----
From: thelist-bounces at lists.evolt.org
[mailto:thelist-bounces at lists.evolt.org]On Behalf Of minty freshness
Sent: Monday, March 27, 2006 7:16 AM
To: thelist at lists.evolt.org
Subject: Re: [thelist] Preventing direct access while allowing PHP
scriptaccess
On 3/27/06, Nan Harbison <nanharbison at earthlink.net> wrote:
> I have handled this kind of situation, although usually for password
> protection for privacy. I create a session once someone has logged in, and
> on the swf page, the swf is an include statement IF the password has been
> entered, the user gets the content of the page, otherwise they get a
message
> that they have to log in to see the page, or in your case, to pay.
Thank you Nan. I will certainly have some kind of password protection
in place (once this gets up and running, that is!) - but my main worry
is when they bypass the "swf page" completely and type in the URL of
the SWF straight. It's exactly the same situation as typing in the URL
of an image compared to the URL of the page that calls the image. eg,
http://www.domain.com/goose.gif
- vs -
http://www.domain.com/page_with_goose.php
If the user types in the second URL, you could definitely do a login
check. But typing in the first URL offers no such obvious protection,
from what I can tell.
Cheers!
On 3/27/06, Info at internetvraagbaak.nl <info at internetvraagbaak.nl> wrote:
> Hi
>
> Sorry i cannot point you to exact information on this but when you want to
> go a step further then hotlicking
> you should talk to a system administrator. they should be able to set
> permission ( not as easy as chmodding ;-) ) in a way that
> cannot accept the swf directly.
>
> Jeroen
Thank you Jeroen. If no one on thelist has blinding flashes of
brilliance on this subject, I'm afraid I will have to! I have a
deathly fear of sys admins :-)
Cheers!
--
* * Please support the community that supports you. * *
http://evolt.org/help_support_evolt/
For unsubscribe and other options, including the Tip Harvester
and archives of thelist go to: http://lists.evolt.org
Workers of the Web, evolt !
More information about the thelist
mailing list
