On Tue, April 5, 2005 11:24 am, james tu said: > We have a webserver that we want to turn on/off access. > We were thinking of using simple HTTP authentication to protect the > main webserver directory. > > We have Flash movies that talk to PHP scripts inside the webserver > directory. > > When we have our .htaccess file inside the main webserver directory, > Flash can't comunicate with the PHP scripts. > > So ideally this is what we want...prevent access to the directory but > allow our Flash movies to talk to the PHP scripts in the directory. > > How would I go about doing this? > Can I create a subfolder to put the PHP scripts in and put another > .htaccess in that folder to override the protection? Should work. But then anybody who can figure out what's going on can get to the same scripts Flash can get to. You could also change the URLs in your Flash movie to include the username/password as part of the URL: http://username:password@xxxxxxxxxxxxxxx/secret.php This works for HTTP Basic Authentication only, as far as I know. Downside there is that somebody can probably un-compile the Flash movie and dig out the password if they REALLY want to. So use a password that's not used for anything else. -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
