[thelist] Preventing direct access while allowing PHP script access

kasimir-k evolt at kasimir-k.fi
Tue Mar 28 06:51:36 CST 2006

Ricky Zhou scribeva in 28/03/2006 11:36:
> Actually, as that PHP script would check user permissions, only those
> that are allowed will be able to view the flash (are you saying that
> even paying customers shouldn't be able to view it directly?

Well, as the OP
minty freshness scribeva in 27/03/2006 11:10:
> However, I want to prevent people from simply
> typing in something like "http://www.domain.com/swf/someswf.swf" and
> accessing it directly (mainly because I want to extract money from
> them first, 

There are two things:
- extract money
- prevent direct access

Money extraction can be accomplished with any access control. And once 
an user has paid and accessed the swf, the it really doesn't matter if 
they after that access it directly - as they in any case already have 
it. So from money extraction point of view there is no reason to prevent 
direct access, or any other special gimmicks - just password protecting 
appropriate directory is enough.

But if the OP has some other reasons for preventing direct access, then 
absolutely yes:

> If this
> is the case, then I'm pretty sure that there is no "clean" secure
> way-- you'll probably be stuck with repeatedly changing filenames or
> something)

Or actually, the filenames can remain the same, but aliases must be 
created separately for each authorized request.

Overall, I think the OP might have some confusion in the question, and 
the whole shebang is only of academic interest - if even that :-)


<tip type="example domain names" author="kasimir-k">

Want to make an example URL but don't want to use your existing domain 
name? Many still use examples like:
http://www.domain.com/ or
http://www.mycompany.com/ etc.

But there's one problem with these: they are existing domain names and 
actually in use - this may lead to confusion and problems.

The correct example domain names are - surprise, surprise - example.com, 
example.net and example.org



More information about the thelist mailing list