protect file from http access

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Post Reply
manoj_jnics1
Forum Newbie
Posts: 2
Joined: Thu Apr 02, 2009 6:58 am

protect file from http access

Post by manoj_jnics1 »

I want to protect a file from the users, which prints xml
The xml output would be used for flash programming
for example :
http://www.mydomain.com/xml.php

I want to protect the file from http access.

At this time user can veiw the output xml.php while I want to give this output to a flash player olny.
If I keep this file outside of public_html, it does not give output to flash. Can I give xml output using php command line.

--Manoj
User avatar
JAB Creations
DevNet Resident
Posts: 2341
Joined: Thu Jan 13, 2005 6:44 pm
Location: Sarasota Florida
Contact:

Re: protect file from http access

Post by JAB Creations »

You're very likely looking for this... :wink:
http://www.google.com/#hl=en&q=apache+authentication
User avatar
jaoudestudios
DevNet Resident
Posts: 1483
Joined: Wed Jun 18, 2008 8:32 am
Location: Surrey

Re: protect file from http access

Post by jaoudestudios »

Put it in a subfolder and use a .htaccess file to protect it from http
User avatar
kaisellgren
DevNet Resident
Posts: 1675
Joined: Sat Jan 07, 2006 5:52 am
Location: Lahti, Finland.

Re: protect file from http access

Post by kaisellgren »

jaoudestudios wrote:Put it in a subfolder and use a .htaccess file to protect it from http
If you block the HTTP -protocol access, then how is your Flash application going to fetch this XML data? If the Flash application uses a different protocol, then anyone else can use this same protocol, too. Blocking a protocol is not really helping, he needs authentication as previously stated by JAB Creations.
User avatar
jaoudestudios
DevNet Resident
Posts: 1483
Joined: Wed Jun 18, 2008 8:32 am
Location: Surrey

Re: protect file from http access

Post by jaoudestudios »

kaisellgren wrote:
jaoudestudios wrote:Put it in a subfolder and use a .htaccess file to protect it from http
If you block the HTTP -protocol access, then how is your Flash application going to fetch this XML data? If the Flash application uses a different protocol, then anyone else can use this same protocol, too. Blocking a protocol is not really helping, he needs authentication as previously stated by JAB Creations.
Fair point, but from what I remember there is a way to only allow local access to that php file in the subdirectory with the use of .htaccess file.
User avatar
kaisellgren
DevNet Resident
Posts: 1675
Joined: Sat Jan 07, 2006 5:52 am
Location: Lahti, Finland.

Re: protect file from http access

Post by kaisellgren »

jaoudestudios wrote:Fair point, but from what I remember there is a way to only allow local access to that php file in the subdirectory with the use of .htaccess file.
Probably, although I doubt this Flash application runs locally on the web server. :P
leonel.machava
Forum Newbie
Posts: 10
Joined: Fri May 15, 2009 4:28 pm

Re: protect file from http access

Post by leonel.machava »

kaisellgren wrote:
jaoudestudios wrote:Fair point, but from what I remember there is a way to only allow local access to that php file in the subdirectory with the use of .htaccess file.
Probably, although I doubt this Flash application runs locally on the web server. :P
Hi guys!

If the flash application is deployed on a machine with a fixed address (IP or DNS), we can use an .htaccess file. The inconvenience happens when the flash application later changes or uses another address. By the other side, using the authentication approach the flash application could be deployed at an arbitrary address. The authentication approach is scalable.

Personally, I would go by the authentication approach.
To implement this you can use built-in HTTP Authentication or a customized one.
If you need help applying this approach just let us know.
Post Reply