Re: [WebDNA] Can I do something with webdna to pass-protect an attempt to access a swf file directly?

This WebDNA talk-list message is from

2009


It keeps the original formatting.
numero = 103452
interpreted = N
texte = Dan, thanks for your reply,... > Put the file(s) in globals and [include] them only upon successful > login. What do you mean ^^^ here? It seems obvious to me, but since I am just doing this for the first time, I have to ask, surely you don't mean to just literally stick this on the pass-protected page: [include file=^dir1/dir2/Introduction.swf] webdna would think I was trying to include literal text, or at best webdna, not a SWF file. (?!) I am about to see if I can make work your latter suggestion.. I just wanted to see what you were saying by the above. -G > > A further protection (which I got from the archives) would be to > serve them via [returnraw] -- half-ass tested by me, seems to work > on Windows XP Home; no promises otherwise: > > [text]theFullPathtoFile=^path/to/your/file/in/globals/theFile.swf[/ > text] > [text]theFileName=theFile.swf[/text] > [text]line_ending=%0D%0A[/text] > > [ReturnRaw binarybody=[theFullPathtoFile]][!] > [/!]HTTP/1.0 200 OK[unurl][line_ending][/unurl][!] > [/!]Status: 200[unurl][line_ending][/unurl][!] > [/!]Content-Type: application/octet-stream[unurl][line_ending][/ > unurl][!] > [/!]Content-Disposition: attachment; filename="[theFileName]"[unurl] > [line_ending][line_ending][/unurl][!] > [/!][/ReturnRaw] > > -Dan > > > On Mon, 24 Aug 2009 18:54:45 -0600 > John Butler wrote: >> Hi all >> I am now writing and installing (cookie/database-based) code to >> pass- protect ("parent") pages such as this one: >> #1) >> http://www.notmyrealdomain.com/dir1/dir2/Introduction.html >> ..so that a user cannot watch a shockwave movie unless he has a >> valid user/pass in my webdna db. >> (This parent page uses javascript to automatically start to play a >> shockwave movie which is in that same directory) >> i.e. this one: >> #2) >> http://www.notmyrealdomain.com/dir1/dir2/Introduction.swf >> I am all set in every way, except that I do not know how to stop a >> user from simply entering the immediately-above path (#2) to the >> swf file directly, and so bypassing my user/pass protection code >> which is in the parent page (#1) (whose path I pasted way above). >> If I manage to get the shared-host server admin to put server-side >> (apache? .htaccess?) "realm protection" on the whole folder then >> the user will never even be able to reach my parent page (#1). If >> I move the swf file to a new directory and manage to reconfigure >> the javascript to work to load it at the new location, then maybe >> it makes sense to use apache/htaccess realm protection for that >> NEW folder which contains ONLY the swf file.. but then will the >> parent page still be able to load the swf file without the apache/ >> htaccess user/ pass? >> Or do you have any suggestions how to solve this? >> I realize this is bordering on OT, but I'd love to solve with pure >> webdna if possible. >> thanks for any feedback, >> -Govinda Associated Messages, from the most recent to the oldest:

    
  1. Re: [WebDNA] Can I do something with webdna to pass-protect an attempt to access a swf file directly? (Govinda 2009)
  2. Re: [WebDNA] Can I do something with webdna to pass-protect an attempt to access a swf file directly? (Govinda 2009)
  3. [WebDNA] Can I do something with webdna to pass-protect an attempt to access a swf file directly? (John Butler 2009)
Dan, thanks for your reply,... > Put the file(s) in globals and [include] them only upon successful > login. What do you mean ^^^ here? It seems obvious to me, but since I am just doing this for the first time, I have to ask, surely you don't mean to just literally stick this on the pass-protected page: [include file=^dir1/dir2/Introduction.swf] webdna would think I was trying to include literal text, or at best webdna, not a SWF file. (?!) I am about to see if I can make work your latter suggestion.. I just wanted to see what you were saying by the above. -G > > A further protection (which I got from the archives) would be to > serve them via [returnraw] -- half-ass tested by me, seems to work > on Windows XP Home; no promises otherwise: > > [text]theFullPathtoFile=^path/to/your/file/in/globals/theFile.swf[/ > text] > [text]theFileName=theFile.swf[/text] > [text]line_ending=%0D%0A[/text] > > [ReturnRaw binarybody=[theFullPathtoFile]][!] > [/!]HTTP/1.0 200 OK[unurl][line_ending][/unurl][!] > [/!]Status: 200[unurl][line_ending][/unurl][!] > [/!]Content-Type: application/octet-stream[unurl][line_ending][/ > unurl][!] > [/!]Content-Disposition: attachment; filename="[theFileName]"[unurl] > [line_ending][line_ending][/unurl][!] > [/!][/ReturnRaw] > > -Dan > > > On Mon, 24 Aug 2009 18:54:45 -0600 > John Butler wrote: >> Hi all >> I am now writing and installing (cookie/database-based) code to >> pass- protect ("parent") pages such as this one: >> #1) >> http://www.notmyrealdomain.com/dir1/dir2/Introduction.html >> ..so that a user cannot watch a shockwave movie unless he has a >> valid user/pass in my webdna db. >> (This parent page uses javascript to automatically start to play a >> shockwave movie which is in that same directory) >> i.e. this one: >> #2) >> http://www.notmyrealdomain.com/dir1/dir2/Introduction.swf >> I am all set in every way, except that I do not know how to stop a >> user from simply entering the immediately-above path (#2) to the >> swf file directly, and so bypassing my user/pass protection code >> which is in the parent page (#1) (whose path I pasted way above). >> If I manage to get the shared-host server admin to put server-side >> (apache? .htaccess?) "realm protection" on the whole folder then >> the user will never even be able to reach my parent page (#1). If >> I move the swf file to a new directory and manage to reconfigure >> the javascript to work to load it at the new location, then maybe >> it makes sense to use apache/htaccess realm protection for that >> NEW folder which contains ONLY the swf file.. but then will the >> parent page still be able to load the swf file without the apache/ >> htaccess user/ pass? >> Or do you have any suggestions how to solve this? >> I realize this is bordering on OT, but I'd love to solve with pure >> webdna if possible. >> thanks for any feedback, >> -Govinda Govinda

DOWNLOAD WEBDNA NOW!

Top Articles:

Talk List

The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...

Related Readings:

Using MySQL and WebDNA (2004) Printing controls - form feeds (2002) Reminder... (2003) OK, here goes... (1997) CommandSecurity? (1997) Tech question about web dna actions (1998) EIMS Problems (1997) [WebDNA] Yet another call for hosts... (2009) guest book problem (2000) Purchae error - Fixed to a degree (1997) [WebDNA] On click show hidden include (2009) Search/sort in URL Was: GuestBook example (1997) [OT] DOD again (2003) using showpage and showcart commands (1996) Search for dates greater than [date] (1997) Intel Mac (2006) WC2.0 Memory Requirements (1997) Catalogs and W* (1996) WebCat2b15MacPlugin - showing [math] (1997) Help! WebCat2 bug (1997)