thek
Mon 3 July 2006, 04:00 pm GMT +0200
I have a flash which will call a php script.
Whats the best way to make this script can be accessed only from flash ?
Whats the best way to make this script can be accessed only from flash ?
Nikolas
Mon 3 July 2006, 04:53 pm GMT +0200
Check the $_SERVER['HTTP_USER_AGENT'] that flash sends and allow only this.
If flash don't send a user agent header, then you propably can't do much.
If flash don't send a user agent header, then you propably can't do much.
thek
Mon 3 July 2006, 05:01 pm GMT +0200
This server var returns "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)".
There is another server var HTTP_X_FLASH_VERSION which return the version of flash player "8,0,22,0".
But if i develop a application with a browser object i will send this var to php script. So this script isn't secure.
There is another server var HTTP_X_FLASH_VERSION which return the version of flash player "8,0,22,0".
But if i develop a application with a browser object i will send this var to php script. So this script isn't secure.
Nikolas
Mon 3 July 2006, 05:05 pm GMT +0200
Yeah that's true.
Then there is nothing that you can really do except some checks with the session(but this can give you other troubles).
Then there is nothing that you can really do except some checks with the session(but this can give you other troubles).
olaf
Mon 3 July 2006, 10:46 pm GMT +0200
You can do something while checking a the php session id and maybe this is something for you:
http://www.ghostwire.com/go/28
or
http://www.amfphp.org/
but Nick is right, since every flash movie is a local application you can't do very much. I saw application using xml/soap requests for "safe" interacting and I saw somewhere a md5 javascript encryption (but missed the URL). The last one could be the magic...
http://www.ghostwire.com/go/28
or
http://www.amfphp.org/
but Nick is right, since every flash movie is a local application you can't do very much. I saw application using xml/soap requests for "safe" interacting and I saw somewhere a md5 javascript encryption (but missed the URL). The last one could be the magic...
Nikolas
Tue 4 July 2006, 10:31 am GMT +0200
For the md5 javascript code you can check a vbulletin forum (eg. gibberishtalk.com)
olaf
Tue 4 July 2006, 10:47 am GMT +0200
For the md5 javascript code you can check a vbulletin forum (eg. gibberishtalk.com)
Yes if you have this javascript function it's possible to use them together with some action script...
Nikolas
Tue 4 July 2006, 11:20 am GMT +0200
For the md5 javascript code you can check a vbulletin forum (eg. gibberishtalk.com)
Yes if you have this javascript function it's possible to use them together with some action script...
Of course you should allways have in mind that a flash file can be easilly reversed....