禁止直接访问动态创建的文件
[英]Prevent Direct access to dynamically created file
问题描述
I have a jsp file that generates some files at runtime, which are also used by swfObject in another page. 
我有一个jsp文件,该文件在运行时生成一些文件,另一页面的swfObject也使用这些文件。 But i want to prevent the direct access to those files from browser. 但是我想防止从浏览器直接访问那些文件。 Since my files are generated at runtime of my jsp s, i don't know how to configure it from .htaccess. 由于我的文件是在jsp的运行时生成的,因此我不知道如何从.htaccess配置它。 All the files that i want to prevent access has .xml extension. 我要阻止访问的所有文件都具有.xml扩展名。
Could you offer a method to me ? 你能给我一种方法吗?
1 个解决方案
解决方案1
0 已采纳 2011-12-08 08:35:26
This might be pretty impossible: You want swfObject/Flash to be able to access the files but the browser in which the swfObject/Flash runs should not be able to access the same xml files. 这可能几乎是不可能的:您希望swfObject / Flash能够访问文件,但是运行swfObject / Flash的浏览器应该不能访问相同的xml文件。 For the webserver/.htaccess there is little difference between those two accessing parties. 对于webserver / .htaccess,这两个访问方之间没有什么区别。
If swfObject were to access the jsp directly without the generation of temporary files you could work with a "secret" key that is checked in the jsp before the xml is returned. 如果swfObject直接访问jsp而不生成临时文件,则可以使用“秘密”密钥,该密钥在返回xml之前已在jsp中进行了检查。 But of course everybody that knows his way around will find this key (firebug for the rescue) and can access your xml therefore. 但是,当然,每个知道自己的方式的人都将找到此密钥(用于救助的萤火虫),因此可以访问您的xml。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.