File Security - Protect Against Nasty Softwares

goaman

Hi guys,
How to protect my files againt some HTTP POST/GET Tracers?

Sessions, Cookies, Get vars.. these all are useless when it comes to POST/GET Tracing Softwares.

I've made a little mp3 player in falsh for my site, player.php sends the domain name and the song name to flash, and flash player has the mp3 folder informations, when it receives php vars from php, it tries to combine the file location; Domain+Folder+FileName.

This (or any POST/GET activities) can be easily track down using HTTP POST/GET tracking softwares by opening aditional port on localhost.

I need help to fix this issue. The answers will help many others too who want to protect their files against such nasty softwares.

TIA

jkurrle

A cheesy work around might be to write a temporary text file with all required info, then pass the name of the text file to the calling app to read. The text file name could be randomly generated as it is created, avoiding duplicate filenames on the server.

The receiving app could then load the text file information. Once the information is verified to be accurate, the text file could be deleted.

While cheesy, this would provide you with a pretty secure way of passing information without giving out too many trade secrets. Also, some web hosts, like Yahoo business do mod_rewrite tricks, which cause their SSL directories to look like they are subdirectories, when in fact they are hosted on seperate servers. Passing POST'ed information doesn't work, and you don't want to pass all that info on your URL with a GET. So, you pass the text include as a get (no extension, as your receiving script knows what the extension is).

Hope this gives you a few ideas...