[Zope] Preventing files from being viewed by web clients

Andreas Jung lists at zopyx.com
Mon May 8 14:32:46 EDT 2006



--On 8. Mai 2006 13:19:02 -0500 Brian <brian at texnet.com> wrote:

> I have a flash app that accesses .xml files.
>
> The source is viewable and some creative crackers have figured out how to
> meld a url together to get vital information from those .xml's.
>
> I need to prevent the web client from directly accessing them.
>
> Is there a directive (such as Apache's) or mechnisim to keep web clients
> from accessing yet allow my app access these files?
>

This question makes little sense. If your flash app must accest the .xml 
file then it must be accessible for everyone. You think about checking the
user agent for flash apps but all this stuff can be faked.

-aj


-- 
ZOPYX Ltd. & Co. KG - Charlottenstr. 37/1 - 72070 Tübingen - Germany
Web: www.zopyx.com - Email: info at zopyx.com - Phone +49 - 7071 - 793376
E-Publishing, Python, Zope & Plone development, Consulting
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 186 bytes
Desc: not available
Url : http://mail.zope.org/pipermail/zope/attachments/20060508/c56f7b6f/attachment.bin


More information about the Zope mailing list