8 Replies Latest reply on Oct 19, 2007 6:23 AM by cicnats

    flash and .htpasswd

    cicnats Level 1
      I am building a flash content editor, which loads data from php scripts from a server. It loads sucessfully when the swf is on the same server, and when I test the project locally from inside Flash. But now I've thought that it would be a good idea to protect the folder on the server that contains the php scripts with .htaccess and .htpasswd .

      All well, but now I can't load the data from inside flash anymore. Is there a way for the flash to identify itself, because there is no authorisation popup, like when you access the directory in a browser?
        • 1. Re: flash and .htpasswd
          Gorka Ludlow Level 1
          How about instead of protecting the php files with hta you simply put them in an folder that has no access to the Internet, hence your swf will be able to call them if you reference them locally but noone else will.

          Cheers,
          Gorka
          www.AquiGorka.com
          • 2. flash and .htpasswd
            cicnats Level 1
            well.. the content editor is meant for the client to edit data for their site, if they can't access the editor there's not much point to it...

            When the swf is online it'll work fine, it's just a bit tedious to have to upload it every time I want to test my changes.
            • 3. Re: flash and .htpasswd
              Gorka Ludlow Level 1
              What I meant, is put the php files in a non Internet accesed folder and keep the flash movie in the current folder. This way only the flash movia has acces to the phps from the server. If you need to protect the flash movie why not implement a user/login script directly in it?

              If you're creating a project with a flash executable maybe you could implement the user/login functionality within the php scripts and keep the users logged via session variables.

              Cheers,
              Gorka
              www.AquiGorka.com
              • 4. flash and .htpasswd
                cicnats Level 1
                I want both the flash and the php files (once it's all up and running) completely off-limit to anybody not authorised, but I want it to be also accessible to both me and the client, so I can't have the php files anywhere local (in a non internet accessed folder, as far as I understand)

                That would also require (as far as I understand), that I (and the client) have a php server running on my(and their) machine, and that any maintenance would require updating php files on both machines... and all of that is simply out of the question..

                So ok, as far as I get it, it can't be done, I'll just have to leave the folder open during development (as it has been since I noticed this problem) and protect it once it's finished. So far it's not a big problem, I think, since the published site is still getting its data off static files..

                thanks for the ideas anyway...
                • 5. Re: flash and .htpasswd
                  cayennecode Level 1
                  flash has no way of accessing an htaccess protected folder...to the best of my knowledge.
                  • 6. Re: flash and .htpasswd
                    cicnats Level 1
                    ok, thanks
                    • 7. Re: flash and .htpasswd
                      Gorka Ludlow Level 1
                      What you could do then is implement the secure interface (user login) via flash (with php help) so that the swf movies are accesible to all but only the few with credentials can use them.

                      Cheers,
                      Gorka
                      www.AquiGorka.com
                      • 8. Re: flash and .htpasswd
                        cicnats Level 1
                        well, that's not a bad idea..

                        I was thinking, ok, but then anyone can still get to the php files...

                        but if the editor doesn't access anything before authorised other than to check the authorisation.. then they can't see which files are accessed by the swf.. (if there's an index.html or some other way to prevent directory listing.. )

                        i think..