[font=Arial][/font]
I’m developing a site which contains a news section dynamically loaded into a flash movie. In order to stop anyone accessing the .txt file and amending it with whatever drivel they choose, I have secured the directory which contains the .txt file with a .htaccess file. To then get around the problem of the viewer having to give a username and password each time the flash movie tries to access the .txt, I have changed the url for the .txt file to the following:
[color=#003366]http://username:password@www.site.com/securenews_dir/news.txt[/color]
[color=#003366][/color]
by doing this I have been able to bypass the authentication stage without the viewer knowing and have kept the .txt file secured for administrative persons only.
However because of the new security settings of the flash 7 player (i.e. exact domain matching), this action now prompts the allow/deny pop up, I would rather not have.
I have skimmed over the support documents regarding Policy files
and have created a crossdomain.xml file containing the url: [color=#003366]http://username:password@www.site.com[/color] which I placed on the site root.
This causes two main problems for me, the first is that the dynamic content now only loads the on the second hit?!, But more importantly this approach has compromised all my efforts to keep the .txt file secure as the .xml now contains the username and password needed to access the news.txt file and has to be located in the site root for everyone to see!
Back to square one then?
can someone please help me resolve this issue?
