[thelist] Preventing direct access while allowing PHP script access
kasimir-k
evolt at kasimir-k.fi
Tue Mar 28 06:51:36 CST 2006
Ricky Zhou scribeva in 28/03/2006 11:36:
> Actually, as that PHP script would check user permissions, only those
> that are allowed will be able to view the flash (are you saying that
> even paying customers shouldn't be able to view it directly?
Well, as the OP
minty freshness scribeva in 27/03/2006 11:10:
> However, I want to prevent people from simply
> typing in something like "http://www.domain.com/swf/someswf.swf" and
> accessing it directly (mainly because I want to extract money from
> them first,
There are two things:
- extract money
- prevent direct access
Money extraction can be accomplished with any access control. And once
an user has paid and accessed the swf, the it really doesn't matter if
they after that access it directly - as they in any case already have
it. So from money extraction point of view there is no reason to prevent
direct access, or any other special gimmicks - just password protecting
appropriate directory is enough.
But if the OP has some other reasons for preventing direct access, then
absolutely yes:
> If this
> is the case, then I'm pretty sure that there is no "clean" secure
> way-- you'll probably be stuck with repeatedly changing filenames or
> something)
Or actually, the filenames can remain the same, but aliases must be
created separately for each authorized request.
Overall, I think the OP might have some confusion in the question, and
the whole shebang is only of academic interest - if even that :-)
.k
<tip type="example domain names" author="kasimir-k">
Want to make an example URL but don't want to use your existing domain
name? Many still use examples like:
http://www.domain.com/ or
http://www.mycompany.com/ etc.
But there's one problem with these: they are existing domain names and
actually in use - this may lead to confusion and problems.
The correct example domain names are - surprise, surprise - example.com,
example.net and example.org
http://www.rfc-editor.org/rfc/rfc2606.txt
</tip>
More information about the thelist
mailing list