Re: [WebDNA] Can I do something with webdna to pass-protect an attempt to access a swf file directly?

This WebDNA talk-list message is from

2009


It keeps the original formatting.
numero = 103452
interpreted = N
texte = Dan, thanks for your reply,... > Put the file(s) in globals and [include] them only upon successful > login. What do you mean ^^^ here? It seems obvious to me, but since I am just doing this for the first time, I have to ask, surely you don't mean to just literally stick this on the pass-protected page: [include file=^dir1/dir2/Introduction.swf] webdna would think I was trying to include literal text, or at best webdna, not a SWF file. (?!) I am about to see if I can make work your latter suggestion.. I just wanted to see what you were saying by the above. -G > > A further protection (which I got from the archives) would be to > serve them via [returnraw] -- half-ass tested by me, seems to work > on Windows XP Home; no promises otherwise: > > [text]theFullPathtoFile=^path/to/your/file/in/globals/theFile.swf[/ > text] > [text]theFileName=theFile.swf[/text] > [text]line_ending=%0D%0A[/text] > > [ReturnRaw binarybody=[theFullPathtoFile]][!] > [/!]HTTP/1.0 200 OK[unurl][line_ending][/unurl][!] > [/!]Status: 200[unurl][line_ending][/unurl][!] > [/!]Content-Type: application/octet-stream[unurl][line_ending][/ > unurl][!] > [/!]Content-Disposition: attachment; filename="[theFileName]"[unurl] > [line_ending][line_ending][/unurl][!] > [/!][/ReturnRaw] > > -Dan > > > On Mon, 24 Aug 2009 18:54:45 -0600 > John Butler wrote: >> Hi all >> I am now writing and installing (cookie/database-based) code to >> pass- protect ("parent") pages such as this one: >> #1) >> http://www.notmyrealdomain.com/dir1/dir2/Introduction.html >> ..so that a user cannot watch a shockwave movie unless he has a >> valid user/pass in my webdna db. >> (This parent page uses javascript to automatically start to play a >> shockwave movie which is in that same directory) >> i.e. this one: >> #2) >> http://www.notmyrealdomain.com/dir1/dir2/Introduction.swf >> I am all set in every way, except that I do not know how to stop a >> user from simply entering the immediately-above path (#2) to the >> swf file directly, and so bypassing my user/pass protection code >> which is in the parent page (#1) (whose path I pasted way above). >> If I manage to get the shared-host server admin to put server-side >> (apache? .htaccess?) "realm protection" on the whole folder then >> the user will never even be able to reach my parent page (#1). If >> I move the swf file to a new directory and manage to reconfigure >> the javascript to work to load it at the new location, then maybe >> it makes sense to use apache/htaccess realm protection for that >> NEW folder which contains ONLY the swf file.. but then will the >> parent page still be able to load the swf file without the apache/ >> htaccess user/ pass? >> Or do you have any suggestions how to solve this? >> I realize this is bordering on OT, but I'd love to solve with pure >> webdna if possible. >> thanks for any feedback, >> -Govinda Associated Messages, from the most recent to the oldest:

    
  1. Re: [WebDNA] Can I do something with webdna to pass-protect an attempt to access a swf file directly? (Govinda 2009)
  2. Re: [WebDNA] Can I do something with webdna to pass-protect an attempt to access a swf file directly? (Govinda 2009)
  3. [WebDNA] Can I do something with webdna to pass-protect an attempt to access a swf file directly? (John Butler 2009)
Dan, thanks for your reply,... > Put the file(s) in globals and [include] them only upon successful > login. What do you mean ^^^ here? It seems obvious to me, but since I am just doing this for the first time, I have to ask, surely you don't mean to just literally stick this on the pass-protected page: [include file=^dir1/dir2/Introduction.swf] webdna would think I was trying to include literal text, or at best webdna, not a SWF file. (?!) I am about to see if I can make work your latter suggestion.. I just wanted to see what you were saying by the above. -G > > A further protection (which I got from the archives) would be to > serve them via [returnraw] -- half-ass tested by me, seems to work > on Windows XP Home; no promises otherwise: > > [text]theFullPathtoFile=^path/to/your/file/in/globals/theFile.swf[/ > text] > [text]theFileName=theFile.swf[/text] > [text]line_ending=%0D%0A[/text] > > [ReturnRaw binarybody=[theFullPathtoFile]][!] > [/!]HTTP/1.0 200 OK[unurl][line_ending][/unurl][!] > [/!]Status: 200[unurl][line_ending][/unurl][!] > [/!]Content-Type: application/octet-stream[unurl][line_ending][/ > unurl][!] > [/!]Content-Disposition: attachment; filename="[theFileName]"[unurl] > [line_ending][line_ending][/unurl][!] > [/!][/ReturnRaw] > > -Dan > > > On Mon, 24 Aug 2009 18:54:45 -0600 > John Butler wrote: >> Hi all >> I am now writing and installing (cookie/database-based) code to >> pass- protect ("parent") pages such as this one: >> #1) >> http://www.notmyrealdomain.com/dir1/dir2/Introduction.html >> ..so that a user cannot watch a shockwave movie unless he has a >> valid user/pass in my webdna db. >> (This parent page uses javascript to automatically start to play a >> shockwave movie which is in that same directory) >> i.e. this one: >> #2) >> http://www.notmyrealdomain.com/dir1/dir2/Introduction.swf >> I am all set in every way, except that I do not know how to stop a >> user from simply entering the immediately-above path (#2) to the >> swf file directly, and so bypassing my user/pass protection code >> which is in the parent page (#1) (whose path I pasted way above). >> If I manage to get the shared-host server admin to put server-side >> (apache? .htaccess?) "realm protection" on the whole folder then >> the user will never even be able to reach my parent page (#1). If >> I move the swf file to a new directory and manage to reconfigure >> the javascript to work to load it at the new location, then maybe >> it makes sense to use apache/htaccess realm protection for that >> NEW folder which contains ONLY the swf file.. but then will the >> parent page still be able to load the swf file without the apache/ >> htaccess user/ pass? >> Or do you have any suggestions how to solve this? >> I realize this is bordering on OT, but I'd love to solve with pure >> webdna if possible. >> thanks for any feedback, >> -Govinda Govinda

DOWNLOAD WEBDNA NOW!

Top Articles:

Talk List

The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...

Related Readings:

Detecting/limiting connections in the developer edition ... (2004) Writefile outside WebSTAR hierarchy? (1997) Emailer Set Up (1997) changing order number (1998) Root Folder problems cont. (1998) Make sure I understand this??? (1997) Test (2002) Serial Num (2003) What am I doing wrong? (2000) en/decrypt problem (1999) headers (2004) Secure Server basic question... (1997) 2.0Beta Command Ref (can't find this instruction) (1997) Mondo amounts of Mail [long] (1999) Email Problems (2000) Another question (1997) Error Log (2000) hidden databases (2000) Summing fields (1997) Size issues (2001)