On 5/8/06, Brian <[EMAIL PROTECTED]> wrote:
I have a flash app that accesses .xml files.

The source is viewable and some creative crackers have figured out how to
meld a url together to get vital information from those .xml's.

I need to prevent the web client from directly accessing them.

Is there a directive (such as Apache's) or mechnisim to keep web clients
from accessing yet allow my app access these files?

Somthing like

<FilesMatch \.(?i:gif|jpe?g|xml)$>
   Order allow,deny
   Allow from <some file name>
   Deny from all
   <some other web trick>

in zope.conf or ???

Zopes security is based on being authenticated, so no. What you can do
it let the Flash app login as a special user, and make the files only
accessible to that user. To prevent people from sneaking the password
from the IP-traffic, you also need to use SSL from the Flash app.

Lennart Regebro, Nuxeo     http://www.nuxeo.com/
CPS Content Management     http://www.cps-project.org/
Zope maillist  -  Zope@zope.org
**   No cross posts or HTML encoding!  **
(Related lists -
http://mail.zope.org/mailman/listinfo/zope-dev )

Reply via email to