I have a question on security matter
I use the sendAndLoad function to send and receive the data from a php file,
which means if I send certain data to the php file, it will process the variable received (POST) than retrieve the relevant data from the database or insert / update the data to the database ~ since the swf and php files are in different server, which means the URL of sendAndLoad function will be something like "http://www.myhome.com/something.php", and that worries me a bit, coz if someone use the SWF decompiler software, then the php file is like expose to the public, "hackers" can just easily create another SWF file and use sendAndLoad function to the same URLs which I used, and they can get the access to the database via the php files, and remember, the php file does not just retrieve data from the database it also write to the database, this is the part that worries me, so ... is there any solution !?
I'm actually thinking about making the php file reconize and response only to the SWF which I created, maybe with session control or MD5 hash or anything else, I don't know ~ please help me to find a solution to solve this security problem ~
detailed coding will be appreciated ~ Image may be NSFW.
Clik here to view.
I use the sendAndLoad function to send and receive the data from a php file,
which means if I send certain data to the php file, it will process the variable received (POST) than retrieve the relevant data from the database or insert / update the data to the database ~ since the swf and php files are in different server, which means the URL of sendAndLoad function will be something like "http://www.myhome.com/something.php", and that worries me a bit, coz if someone use the SWF decompiler software, then the php file is like expose to the public, "hackers" can just easily create another SWF file and use sendAndLoad function to the same URLs which I used, and they can get the access to the database via the php files, and remember, the php file does not just retrieve data from the database it also write to the database, this is the part that worries me, so ... is there any solution !?
I'm actually thinking about making the php file reconize and response only to the SWF which I created, maybe with session control or MD5 hash or anything else, I don't know ~ please help me to find a solution to solve this security problem ~
detailed coding will be appreciated ~ Image may be NSFW.
Clik here to view.
