Is it possible and normal to move a movie (swf) file from the public folder / path to a folder outside the root directory so that the swf may not be directly invoked by any user?
The image above shows the directory structure of my website on my local host. public is the public accessible folder and private is outside the root. With the files placed as shown, all works great. The index.php invokes test.php which has the movie (/movie/movie.swf) embedded in it. Everything works great.
But when I move the movie from the movie folder in public to the movie folder in private, the movie stops working !!?? It displays the first frame and freezes there.
I will be grateful if someone can shed some light on this and can help me get it working from the private folder if that is possible.
If its private, then no one would be able to access it. So yeah, I would expect it not to work. The fact that you’re even seeing the first frame makes me think there’s either some caching maybe happening, or maybe private isn’t so private after all.
Unlike PHP, swfs have to be downloaded by users and run on the client. So they need to be publicly accessible to work at all. PHP is run entirely on the server and not by the user which is why it can exist outside of a public directory and still work. The user only ever sees the results of what PHP produces after it runs, usually as HTML (served from public).
Thanks loads for the reply. You must be right. My only contention is that the movie not be loaded directly since it is being loaded and run through the embedded index.php page or is that reasoning wrong?
As for the first page being cached, so far as I tested, it would load once the path was correct and as soon as the path changed, it would disappear. Now that wouldn’t happen if the page was cached, would it ? Besides I kept clearing the browsing data while testing. I think that would have removed the cached data if any,
You still need to have the swf served publicly. If a user is going to be able to play it at all, it has to be able to be served to them.
If you want to prevent the swf from being loaded directly, I’m not sure if there’s a direct way to just make that happen. One thing you can do is serve the swf with a content-disposition of attachment. That will cause it to be downloaded instead of viewed if loaded directly. But maybe you don’t want that to happen either. One thing I would probably do is have the swf pause at the start unless it was told to play through javascript. If run outside of an html(/php) page, there’d be no javascript to tell it to play. But in the page, the js there can make that happen. Something similar could also be done with flashvars, though naked swfs could get those in the url as GET vars if the user knew what to add there.
Thanks loads for the reply and clarifying that issue to quite an extent. It seems that there is no good security for flash movies. If you can suggest any / some measures that can be taken for securing the swf’s please let me know.
Thanks again. ( By the way you have helped me on various issues earlier and on actionscript forums too. Good to see you here.)
It displays the first frame and freezes there.