Re: [WebDNA] Can I do something with webdna to pass-protect an attempt to access a swf file directly?
This WebDNA talk-list message is from 2009
It keeps the original formatting.
numero = 103452
interpreted = N
texte = Dan, thanks for your reply,...> Put the file(s) in globals and [include] them only upon successful > login.What do you mean ^^^ here? It seems obvious to me, but since I am just doing this for the first time, I have to ask, surely you don't mean to just literally stick this on the pass-protected page:[include file=^dir1/dir2/Introduction.swf]webdna would think I was trying to include literal text, or at best webdna, not a SWF file. (?!)I am about to see if I can make work your latter suggestion.. I just wanted to see what you were saying by the above.-G>> A further protection (which I got from the archives) would be to > serve them via [returnraw] -- half-ass tested by me, seems to work > on Windows XP Home; no promises otherwise:>> [text]theFullPathtoFile=^path/to/your/file/in/globals/theFile.swf[/ > text]> [text]theFileName=theFile.swf[/text]> [text]line_ending=%0D%0A[/text]>> [ReturnRaw binarybody=[theFullPathtoFile]][!]> [/!]HTTP/1.0 200 OK[unurl][line_ending][/unurl][!]> [/!]Status: 200[unurl][line_ending][/unurl][!]> [/!]Content-Type: application/octet-stream[unurl][line_ending][/ > unurl][!]> [/!]Content-Disposition: attachment; filename="[theFileName]"[unurl] > [line_ending][line_ending][/unurl][!]> [/!][/ReturnRaw]>> -Dan>>> On Mon, 24 Aug 2009 18:54:45 -0600> John Butler
wrote:>> Hi all>> I am now writing and installing (cookie/database-based) code to >> pass- protect ("parent") pages such as this one:>> #1)>> http://www.notmyrealdomain.com/dir1/dir2/Introduction.html>> ..so that a user cannot watch a shockwave movie unless he has a >> valid user/pass in my webdna db.>> (This parent page uses javascript to automatically start to play a >> shockwave movie which is in that same directory)>> i.e. this one:>> #2)>> http://www.notmyrealdomain.com/dir1/dir2/Introduction.swf>> I am all set in every way, except that I do not know how to stop a >> user from simply entering the immediately-above path (#2) to the >> swf file directly, and so bypassing my user/pass protection code >> which is in the parent page (#1) (whose path I pasted way above).>> If I manage to get the shared-host server admin to put server-side >> (apache? .htaccess?) "realm protection" on the whole folder then >> the user will never even be able to reach my parent page (#1). If >> I move the swf file to a new directory and manage to reconfigure >> the javascript to work to load it at the new location, then maybe >> it makes sense to use apache/htaccess realm protection for that >> NEW folder which contains ONLY the swf file.. but then will the >> parent page still be able to load the swf file without the apache/ >> htaccess user/ pass?>> Or do you have any suggestions how to solve this?>> I realize this is bordering on OT, but I'd love to solve with pure >> webdna if possible.>> thanks for any feedback,>> -Govinda
Associated Messages, from the most recent to the oldest:
Dan, thanks for your reply,...> Put the file(s) in globals and [include] them only upon successful > login.What do you mean ^^^ here? It seems obvious to me, but since I am just doing this for the first time, I have to ask, surely you don't mean to just literally stick this on the pass-protected page:[include file=^dir1/dir2/Introduction.swf]webdna would think I was trying to include literal text, or at best webdna, not a SWF file. (?!)I am about to see if I can make work your latter suggestion.. I just wanted to see what you were saying by the above.-G>> A further protection (which I got from the archives) would be to > serve them via [returnraw] -- half-ass tested by me, seems to work > on Windows XP Home; no promises otherwise:>> [text]theFullPathtoFile=^path/to/your/file/in/globals/theFile.swf[/ > text]> [text]theFileName=theFile.swf[/text]> [text]line_ending=%0D%0A[/text]>> [ReturnRaw binarybody=[theFullPathtoFile]][!]> [/!]HTTP/1.0 200 OK[unurl][line_ending][/unurl][!]> [/!]Status: 200[unurl][line_ending][/unurl][!]> [/!]Content-Type: application/octet-stream[unurl][line_ending][/ > unurl][!]> [/!]Content-Disposition: attachment; filename="[theFileName]"[unurl] > [line_ending][line_ending][/unurl][!]> [/!][/ReturnRaw]>> -Dan>>> On Mon, 24 Aug 2009 18:54:45 -0600> John Butler wrote:>> Hi all>> I am now writing and installing (cookie/database-based) code to >> pass- protect ("parent") pages such as this one:>> #1)>> http://www.notmyrealdomain.com/dir1/dir2/Introduction.html>> ..so that a user cannot watch a shockwave movie unless he has a >> valid user/pass in my webdna db.>> (This parent page uses javascript to automatically start to play a >> shockwave movie which is in that same directory)>> i.e. this one:>> #2)>> http://www.notmyrealdomain.com/dir1/dir2/Introduction.swf>> I am all set in every way, except that I do not know how to stop a >> user from simply entering the immediately-above path (#2) to the >> swf file directly, and so bypassing my user/pass protection code >> which is in the parent page (#1) (whose path I pasted way above).>> If I manage to get the shared-host server admin to put server-side >> (apache? .htaccess?) "realm protection" on the whole folder then >> the user will never even be able to reach my parent page (#1). If >> I move the swf file to a new directory and manage to reconfigure >> the javascript to work to load it at the new location, then maybe >> it makes sense to use apache/htaccess realm protection for that >> NEW folder which contains ONLY the swf file.. but then will the >> parent page still be able to load the swf file without the apache/ >> htaccess user/ pass?>> Or do you have any suggestions how to solve this?>> I realize this is bordering on OT, but I'd love to solve with pure >> webdna if possible.>> thanks for any feedback,>> -Govinda
Govinda
DOWNLOAD WEBDNA NOW!
Top Articles:
Talk List
The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...
Related Readings:
Detecting/limiting connections in the developer edition ... (2004)
Writefile outside WebSTAR hierarchy? (1997)
Emailer Set Up (1997)
changing order number (1998)
Root Folder problems cont. (1998)
Make sure I understand this??? (1997)
Test (2002)
Serial Num (2003)
What am I doing wrong? (2000)
en/decrypt problem (1999)
headers (2004)
Secure Server basic question... (1997)
2.0Beta Command Ref (can't find this instruction) (1997)
Mondo amounts of Mail [long] (1999)
Email Problems (2000)
Another question (1997)
Error Log (2000)
hidden databases (2000)
Summing fields (1997)
Size issues (2001)