Re: [WebDNA] Can I do something with webdna to pass-protect an attempt to access a swf file directly?

This WebDNA talk-list message is from

2009


It keeps the original formatting.
numero = 103452
interpreted = N
texte = Dan, thanks for your reply,... > Put the file(s) in globals and [include] them only upon successful > login. What do you mean ^^^ here? It seems obvious to me, but since I am just doing this for the first time, I have to ask, surely you don't mean to just literally stick this on the pass-protected page: [include file=^dir1/dir2/Introduction.swf] webdna would think I was trying to include literal text, or at best webdna, not a SWF file. (?!) I am about to see if I can make work your latter suggestion.. I just wanted to see what you were saying by the above. -G > > A further protection (which I got from the archives) would be to > serve them via [returnraw] -- half-ass tested by me, seems to work > on Windows XP Home; no promises otherwise: > > [text]theFullPathtoFile=^path/to/your/file/in/globals/theFile.swf[/ > text] > [text]theFileName=theFile.swf[/text] > [text]line_ending=%0D%0A[/text] > > [ReturnRaw binarybody=[theFullPathtoFile]][!] > [/!]HTTP/1.0 200 OK[unurl][line_ending][/unurl][!] > [/!]Status: 200[unurl][line_ending][/unurl][!] > [/!]Content-Type: application/octet-stream[unurl][line_ending][/ > unurl][!] > [/!]Content-Disposition: attachment; filename="[theFileName]"[unurl] > [line_ending][line_ending][/unurl][!] > [/!][/ReturnRaw] > > -Dan > > > On Mon, 24 Aug 2009 18:54:45 -0600 > John Butler wrote: >> Hi all >> I am now writing and installing (cookie/database-based) code to >> pass- protect ("parent") pages such as this one: >> #1) >> http://www.notmyrealdomain.com/dir1/dir2/Introduction.html >> ..so that a user cannot watch a shockwave movie unless he has a >> valid user/pass in my webdna db. >> (This parent page uses javascript to automatically start to play a >> shockwave movie which is in that same directory) >> i.e. this one: >> #2) >> http://www.notmyrealdomain.com/dir1/dir2/Introduction.swf >> I am all set in every way, except that I do not know how to stop a >> user from simply entering the immediately-above path (#2) to the >> swf file directly, and so bypassing my user/pass protection code >> which is in the parent page (#1) (whose path I pasted way above). >> If I manage to get the shared-host server admin to put server-side >> (apache? .htaccess?) "realm protection" on the whole folder then >> the user will never even be able to reach my parent page (#1). If >> I move the swf file to a new directory and manage to reconfigure >> the javascript to work to load it at the new location, then maybe >> it makes sense to use apache/htaccess realm protection for that >> NEW folder which contains ONLY the swf file.. but then will the >> parent page still be able to load the swf file without the apache/ >> htaccess user/ pass? >> Or do you have any suggestions how to solve this? >> I realize this is bordering on OT, but I'd love to solve with pure >> webdna if possible. >> thanks for any feedback, >> -Govinda Associated Messages, from the most recent to the oldest:

    
  1. Re: [WebDNA] Can I do something with webdna to pass-protect an attempt to access a swf file directly? (Govinda 2009)
  2. Re: [WebDNA] Can I do something with webdna to pass-protect an attempt to access a swf file directly? (Govinda 2009)
  3. [WebDNA] Can I do something with webdna to pass-protect an attempt to access a swf file directly? (John Butler 2009)
Dan, thanks for your reply,... > Put the file(s) in globals and [include] them only upon successful > login. What do you mean ^^^ here? It seems obvious to me, but since I am just doing this for the first time, I have to ask, surely you don't mean to just literally stick this on the pass-protected page: [include file=^dir1/dir2/Introduction.swf] webdna would think I was trying to include literal text, or at best webdna, not a SWF file. (?!) I am about to see if I can make work your latter suggestion.. I just wanted to see what you were saying by the above. -G > > A further protection (which I got from the archives) would be to > serve them via [returnraw] -- half-ass tested by me, seems to work > on Windows XP Home; no promises otherwise: > > [text]theFullPathtoFile=^path/to/your/file/in/globals/theFile.swf[/ > text] > [text]theFileName=theFile.swf[/text] > [text]line_ending=%0D%0A[/text] > > [ReturnRaw binarybody=[theFullPathtoFile]][!] > [/!]HTTP/1.0 200 OK[unurl][line_ending][/unurl][!] > [/!]Status: 200[unurl][line_ending][/unurl][!] > [/!]Content-Type: application/octet-stream[unurl][line_ending][/ > unurl][!] > [/!]Content-Disposition: attachment; filename="[theFileName]"[unurl] > [line_ending][line_ending][/unurl][!] > [/!][/ReturnRaw] > > -Dan > > > On Mon, 24 Aug 2009 18:54:45 -0600 > John Butler wrote: >> Hi all >> I am now writing and installing (cookie/database-based) code to >> pass- protect ("parent") pages such as this one: >> #1) >> http://www.notmyrealdomain.com/dir1/dir2/Introduction.html >> ..so that a user cannot watch a shockwave movie unless he has a >> valid user/pass in my webdna db. >> (This parent page uses javascript to automatically start to play a >> shockwave movie which is in that same directory) >> i.e. this one: >> #2) >> http://www.notmyrealdomain.com/dir1/dir2/Introduction.swf >> I am all set in every way, except that I do not know how to stop a >> user from simply entering the immediately-above path (#2) to the >> swf file directly, and so bypassing my user/pass protection code >> which is in the parent page (#1) (whose path I pasted way above). >> If I manage to get the shared-host server admin to put server-side >> (apache? .htaccess?) "realm protection" on the whole folder then >> the user will never even be able to reach my parent page (#1). If >> I move the swf file to a new directory and manage to reconfigure >> the javascript to work to load it at the new location, then maybe >> it makes sense to use apache/htaccess realm protection for that >> NEW folder which contains ONLY the swf file.. but then will the >> parent page still be able to load the swf file without the apache/ >> htaccess user/ pass? >> Or do you have any suggestions how to solve this? >> I realize this is bordering on OT, but I'd love to solve with pure >> webdna if possible. >> thanks for any feedback, >> -Govinda Govinda

DOWNLOAD WEBDNA NOW!

Top Articles:

Talk List

The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...

Related Readings:

How do I get multiple unique numbers on one template? (2000) Modulo function? (2000) WebCat shared memory? (1999) [SearchString] problem with [search] context (1997) writefile to create static pages (2003) Speed/performance issues using .hdr (1997) List Archives (2005) [Fwd: Rotating Banners ... (was LinkExchange)] (1997) [TaxableTotal] - not working with AOL and IE (1997) notification solutions (1997) SiteGuard Admin Feature ? (1997) Assigning new CART number (1997) [WebDNA] WebDNA Host needed urgently (2013) Include an include file as raw webDNA (2002) Question from a Neebie (2000) WebCat2b15MacPlugin - showing [math] (1997) Country & Ship-to address & other fields ? (1997) Frames and WebCat (1997) Banners and sort of random display (1997) system crashes, event log (1997)