Xml security

frez · April 4, 2006, 7:42am

i have a flash movie that uses an xml file.

i see that if i type in the url to the xml file in my browser that is shows its entire contents.

how do i prevent this?

Templarian · April 4, 2006, 1:23pm

You can’t. Whats in the file that would create a security risk? And if it does mabey you should find a .php solution…

xmlfile.php?r=[constant random number here]

encrypt your .swf.

if($_get['r'] == [constant random number here]){
print('xml mark up here');
}

You may have to change the header so its seen as a .xml file, but i dont know.

SlowRoasted · April 4, 2006, 1:55pm

You can try storing the xml file above the web directory.

msurgay · April 7, 2006, 4:20pm

Hi. This is possible to deny other users to access your files on the server. Please take a look at this, taken from http://www.edginet.org/techie/website/htaccess.html :
---------------------- ** **

If you want to prevent people from viewing or downloading any files in a particular directory you can just place a .htaccess file like this in that directory.

prevent reading of all files

<Files *>
Deny From All
</Files>
For example, I have a directory which holds include files containing various passwords and web-service keys that I don’t want anybody to be able to see. Ideally this would be stored outside the directory tree that the web-server can serve-up, but on some configurations that is not possible. In this case the .htaccess file above prevents anyone from viewing the files whilst still allowing them to be included in PHP scripts.
You can be more selective about what you allow people to see. This .htaccess file will prevent people from seeing just the files with the .inc suffix. Anything else is accessible.

prevent reading of .inc files

Good Luck !!! =)

Seb_Hughes · April 7, 2006, 4:40pm

If i understood you correctly.

1.Put an idex file
2.Use htpasword
3. Dotn store secert information

teiz77 · April 12, 2006, 7:19am

msurgay:

Hi. This is possible to deny other users to access your files on the server. Please take a look at this, taken from http://www.edginet.org/techie/website/htaccess.html :
---------------------- ** **

If you want to prevent people from viewing or downloading any files in a particular directory you can just place a .htaccess file like this in that directory.

prevent reading of all files

<Files *>
Deny From All
</Files>
For example, I have a directory which holds include files containing various passwords and web-service keys that I don’t want anybody to be able to see. Ideally this would be stored outside the directory tree that the web-server can serve-up, but on some configurations that is not possible. In this case the .htaccess file above prevents anyone from viewing the files whilst still allowing them to be included in PHP scripts.
You can be more selective about what you allow people to see. This .htaccess file will prevent people from seeing just the files with the .inc suffix. Anything else is accessible.

prevent reading of .inc files

<Files *.inc>
Deny From All
</Files>

Good Luck !!! =)

This way flash can’t access the file either. Please remember that flash is a client side application.

frez · April 12, 2006, 12:23pm

Yeah I was thinking the same thing.

Just brainstorming here - but how to people keep their data private?

Would writing a php script to parse and retrieve the xml data be the best way?

If anyone has any examples - I’d love to see them.

Topic	Replies	Views
Flash/xml/php/unix	37	August 18, 2006
Protect xml file	85	August 3, 2010
XML cross domain programming	46	December 14, 2006
Can't access xml file from swf flash	136	December 1, 2007
Hide xml data?	49	June 18, 2006

Xml security

prevent reading of all files

prevent reading of .inc files

Follow:

Popular

Loose Ends

Xml security

prevent reading of all files

prevent reading of .inc files

Related topics

Follow:

Popular

Loose Ends