JeremyCanada26 Posted June 1, 2010 Share Posted June 1, 2010 Hi, I'm sending files from a flash application to my webserver and currently the file is sent along with some name/value pairs. The file is uploaded fully then the php executes. Is there any way for me to reverse this process?(trying to save bandwidth wherever possible here folks) I'd like to do authentication first somehow and then if the user authenticates, then do a file upload rather than allow the script to just go crazy allowing all. Quote Link to comment Share on other sites More sharing options...
Adam Posted June 1, 2010 Share Posted June 1, 2010 Why don't you validate them before you display the upload form? Edit: Ah, flash. Quote Link to comment Share on other sites More sharing options...
JeremyCanada26 Posted June 1, 2010 Author Share Posted June 1, 2010 On first request of the application, I do in fact verify them when they pull their initial userData. Is there any way I can store something (i'm thinking session?) and on the subsequent request retrieve it or what? not exactly sure how I would do that though Quote Link to comment Share on other sites More sharing options...
JeremyCanada26 Posted June 1, 2010 Author Share Posted June 1, 2010 Why don't you validate them before you display the upload form? Edit: Ah, flash. ahh ok I finally get what you mean by that. You are suggesting that because I'm using flash that it might be impossible to do right? Quote Link to comment Share on other sites More sharing options...
Adam Posted June 2, 2010 Share Posted June 2, 2010 No this shouldn't be impossible - I believe you can make HTTP requests with Flash? You could make a request to a PHP script that will return some indicator they have the right authentication to upload a file..? I guess it depends how embedded the Flash is, is it just the form you display or is it part of a larger Flash site or something? The latter being more awkward as you can't just conditionally display the application. To be honest I don't really know a massive amount about Flash so I may not be of any use here. Quote Link to comment Share on other sites More sharing options...
JeremyCanada26 Posted June 2, 2010 Author Share Posted June 2, 2010 Making first a request to see if they are authorize would be good but that doesn't resolve my issue because the second request is what sends the actual file and so if an attacker were to simply just stop the first request from leaving my application, then they could send the second request still. I think the whole problem is because http is stateless so no matter what I do, the file must be uploaded along with the authentication request and if the file has to be uploaded, then it's already too late to solve the problem. The problem is that I want to stop the uploaded file from being uploaded if the user isn't signed in(in order to save bandwidth on those requests) So my problem is that I have to pay for bandwidth on http requests from my flash application to my webserver even on requests in which the php script will determine the user wasn't authenticated and exits the script. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.