3
Contributors
14
Replies
16
Views
6 Years
Discussion Span
Last Post by morteza_ipo
0

Hello , maybe this is one that you can’t find easy in internet ( I mean you should search for more than 10 minutes to understand the answer).

What really mean to secure a swf (or any other file type) from outsiders ? when it must be in public_htm in order to be obtained by anyone. I will give you one of my ways … make a folder lets call it flash and with an .htaccess file redirect the requests in the listener.php of that directory. Grab the url path that requested and make your original program / script to call it with a name that has something to do with session id for example or any other user obtained variables mixed and hashed.

Than if this hash is in session (or in any other way you use to obtain data) get the binary data from a folder above public_html (lets say src) display them and then delete all the session (or persistent) variables.

Of course this is a way that will make harder for a content to be stolen but not impossible … everything published can obtain…

0

Create a file called .htaccess and add

<Files Untitled.swf>
  order allow,deny
  deny from all
</Files>

Although this would deny access to the flash file even via index.html, so a better way would be to deny hotlinking.

RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^https?://myhostname\.com/.*$ [NC]
RewriteRule \.(swf)$ - [F]

It would still be possible to download the file I think.

Calum

0

Dear jkon and CalumMc.
Thanks for helping!

I created .htaccess file with this content:

RewriteEngine On
RewriteBase /
RewriteRule ^(.*)$ index.php
RewriteCond %{REQUEST_URI} !(\.[a-zA-Z0-9]{1,5})$

Everything is okay! but have problems! :'(
My CSS and images files cannot be load!

My swf file call a other flash file! means:

Untitled_toolbar.swf --> call --> Untitled.swf
and everybody can see Untitled.swf file! Untitled_toolbar.swf is video controller!
Now with this htaccess file we can see Untitled_toolbar.swf file but we cannot see Untitled.swf file! :(

This is object tag of index.php file:

<OBJECT classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=9,0,0,28;" WIDTH=910 HEIGHT=608><PARAM NAME=movie VALUE="Untitled_toolbar.swf"> <PARAM NAME=quality VALUE=high> <PARAM NAME=bgcolor VALUE="#FFFFFF"><param name="allowFullScreen" value="true" ><EMBED src="Untitled_toolbar.swf" allowfullscreen="true" quality=high bgcolor="#FFFFFF"  WIDTH=910 HEIGHT=608 TYPE="application/x-shockwave-flash" PLUGINSPAGE="http://www.macromedia.com/shockwave/download/index.cgi?P1_Prod_Version=ShockwaveFlash"></EMBED></OBJECT>

Edited by morteza_ipo: n/a

0

My all links is broken!!!!! include of img , src , href ,....

Plz help me!

Edited by morteza_ipo: n/a

0

Hello M0rteza

The reason all your links are broken is because this line of code

RewriteRule ^(.*)$ index.php

is rewriting ALL of the other files to index.php.

I don't think its possible without editing Untitled_toolbar.swf, maybe you could just give Untitled.swf a long random name. Take a look here

Calum

0

I can create a single flash file.
what I am doing now?
I removed that line , but this is not good!!! not work!!

0

if you can create a single file then

Untitled.php

<?php
if($_SESSION['id'] == $_GET['id'])
{
header("content-type: application/x-shockwave-flash"); 
$flash = file_get_contents('Untitled.swf');
print $flash;

}
else
{
print 'Please do not view this file directly.';
}
unset($_SESSION['id']); 
?>

.htaccess

<Files Untitled.swf>
  order allow,deny
  deny from all
</Files>

embed code

<OBJECT classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=9,0,0,28;" WIDTH=910 HEIGHT=608><PARAM NAME=movie VALUE="Untitled.php<?php
$rand = rand();
$rand = md5($rand);
session_start(); 
$_SESSION['id'] = $rand;
print '?id='.$rand.'';
?>"> <PARAM NAME=quality VALUE=high> <PARAM NAME=bgcolor VALUE="#FFFFFF"><param name="allowFullScreen" value="true" ><EMBED src="Untitled.phpUntitled.php<?php
$rand = rand();
$rand = md5($rand);
session_start(); 
$_SESSION['id'] = $rand;
print '?id='.$rand.'';
?>" allowfullscreen="true" quality=high bgcolor="#FFFFFF"  WIDTH=910 HEIGHT=608 TYPE="application/x-shockwave-flash" PLUGINSPAGE="http://www.macromedia.com/shockwave/download/index.cgi?P1_Prod_Version=ShockwaveFlash"></EMBED></OBJECT>

this might work.

calum

0

what?
I want to remove index.php file!!
when the user type http://...../com/a/b/c

I want to control a,b,c address with index.php file!
plz help

I don't know what you mean, try removing .htaccess to see if thats stopping css and images

0

Thanks a lot! that's right! :D

I have question ! if I removed index.php file with htaccess , how to use images and css files?

Edited by morteza_ipo: n/a

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.