i don't know if this is more of a php question or an
actionscript question, so i'm posting in two forums about this.
is there a way to make a php script only executable by a
flash movie? i've come up with a very mild form of security, but
it's next to nothing as it uses GET to pass a variable between the
two. basically, flash gives the php a variable with a value in the
sendAndLoad. the php script then checks the value of that variable
first, and dies if it's not correct. this is very simple to
overcome, so i'm looking for something a little more secure. any
I'm no security expert, but here's two quick thoughts
1. Use amfphp instead to call your server side function.
2. Check the headers if you're using POST. Flash sends a
header identifying it as a flash request. (Could be spoofed, but a
regular browser won't send it).
killer, thanks rockstar. i wanted to stay away from post,
just because of how my movie is setup. this amfphp though is super
coolio. wow! not only does it solve this problem but i've had a
side project on hold forever because it's json.... woo hoo!
You're welcome. yes amfphp is fantastic. But json is also not
a problem either, particularly if the data is not going to be
large. You can do it in flash. I'm using it at the moment instead
of amfphp. there's a json class at json.org