Protecting flash component

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Post Reply
Shendemiar
Forum Contributor
Posts: 404
Joined: Thu Jan 08, 2004 8:28 am

Protecting flash component

Post by Shendemiar »

I have a site with php/session/user type security.

I added one nice flash component, but i cannot prevent unlogged users from running it (if they know the url) unless i place it under htaccess protected folder. If i do that it would require for the logged users to enter a different password if they wanted to access that file, even they are logged-in already.

Is there a way to grant certain sessions access to htaccess protected folder by php and how?
mrkite
Forum Contributor
Posts: 104
Joined: Tue Sep 11, 2007 4:19 am

Post by mrkite »

You could have a PHP wrapper script.

It checks the credentials and if they check out, does the following:

Code: Select all

header("Content-Type: application/x-shockwave-flash");
readfile("/path/to/your/flash.swf");
Then on the page you would point to the php script instead of the swf in the object tag. You can even make a "invalid password" flash to display to people who fail credentials.
Post Reply