Write Password Protected XML File

[kranzoky]

I have my flash setup so that it stores information in an XML file. It grabs the current XML file and then appends the new data to the end of the XML file. It does this by using the short PHP file below:

PHP Code:

<?php
if (isset($GLOBALS["HTTP_RAW_POST_DATA"])){
//    $xml = xmldoc($GLOBALS["HTTP_RAW_POST_DATA"]);
    $xml = $GLOBALS["HTTP_RAW_POST_DATA"];
    $file = fopen("data.xml","wb");
    fwrite($file, $xml);
    fclose($file);
//    echo("<status>File saved.</status>");
    echo($GLOBALS["HTTP_RAW_POST_DATA"]);
}
?>

The problem is that I want to make it so people can't just go and grab the data.xml file. How do I protect the data.xml file so that no one can access it unless it is accessed via the Flash?

I have tried messing with some .htaccess settings but can't seem to get it to work. I was thinking I could create some kind of .htaccess setting so that the data.xml file would be password protected and only the swf and php file could have access to it. Is that possible? Is there a better way?

Thanks!

[5TonsOfFlax]

No. If you password protect it, you must then store that password in the swf. Anyone can get at that. Even if they can't decompile the deg, they could monitor the network traffic. And even if they can't do that, they can look in the browser cache.

Also, I believe that if 2 people try to save at the same time, your "database" will become corrupted.

[5TonsOfFlax]

No. If you password protect it, you must then store that password in the swf. Anyone can get at that. Even if they can't decompile the deg, they could monitor the network traffic. And even if they can't do that, they can look in the browser cache.

Also, I believe that if 2 people try to save at the same time, your "database" will become corrupted.

[flosculus]

make the xml file permissions 700, this way it is only accessible on the server.

you basically have the right idea, however if you want to be able to access specific data from the xml file, you will have to write php to do that instead of flash.

do some reading up: http://php.net/manual/en/book.xml.php

another way is to send all xml data to flash, make php send the contents of the xml file to flash as a string, that way you can convert the string into valid xml, however the security would be compromised as 5tons explained.

you dont need passwords to do any of what your trying to do.

flos

[noblesilence]

No. If you password protect it, you must then store that password in the swf. Anyone can get at that. Even if they can't decompile the deg, they could monitor the network traffic. And even if they can't do that, they can look in the browser cache.

Also, I believe that if 2 people try to save at the same time, your "database" will become corrupted.

Could you please tell me how to password protect an XML file and store that password in the swf to read the XML file? My program needs just that. Thank you very much!