hello all,
i have php files that my swf needs for database access that i’d like to restrict access to so no one other than the swf can gain access to for security reasons. seeking best practice for this.
can’t simply do an .htaccess redirect away from the directory w/ the php in it since the swf client will also get redirected.
one way is to embed a key into the swf which gets POSTed to the php file. if this key doesn’t exist then the php file sends an error message rather than executing. but then someone could crack the swf and get the key. and if the swf retrieves the the key from the server then there still must be an unprotected file for the swf to get the key from.
another way is to .htaccess protect the folder with the php files and allow the swf to authenticate. is this best? if so, how to do this?
what’s your thinking?
tia,
michael
