View Full Version : htaccess
markhad
12-22-2011, 12:34 PM
I wish to have my PHP scripts hidden. If I use HT access:
Deny From All
it does not allow Flash to call it. Can you please let me know what I should put in so only my Flash can call it?
audiopro
12-23-2011, 03:21 PM
Hidden from what?
If it is on a Unix system, put them in a directory with permissions set to 755 and nobody will be able to read them.
markhad
01-20-2012, 02:31 PM
Sorry to bump an old thread but struggling with this.
Basically, the PHP scripts and XML docs that my Flash uses I want to be hidden as they will contain voucher codes. When a user opens the SWF through their browser, if I have sent them a code to use, they will enter it, and the SWF will look through the XML to see if it is valid. As the XML is also on the server side, I obviously don't want anyone to directly find it, open it and see all the voucher codes.
I have tried various chmod settings (755/0600/0644). They prevent them opening them through the browser (my main goal), but it also prevents Flash from accessing them, meaning it fails.
Any suggestions??
audiopro
01-21-2012, 03:20 PM
Why are you storing the voucher codes in an XML file?
Store them in a text file, or a Database table if there are a lot of them. Use your PHP script called from Flash to check if a user has entered a valid code.
If you set the permissions of the PHP script to 755, you will still be able to execute it but it will not be readable by anyone except you.
uplight
01-21-2012, 03:54 PM
Move all your XMLs into a data folder, lock data with .htaccess, and serve data from public/index.php with session control.
A more common solution: keep your data folder out of public_html.
With a script you can always access:
file_get_contents('../data/'.$filename);
markhad
01-22-2012, 09:38 AM
OK, that's all good stuff, thanks. The reason they're on an XML is that I understand XMLs and how to access them so it's probably laziness on my part!
The idea of putting the files out of the public part of the domain seems like a good idea, I'll need to contact my host to find out how to do this as my FTP only takes me to the public part.
audiopro
01-22-2012, 11:37 AM
There is no need to use a private section of your web space, just beef up the security.
I assume you are reading the XML files from Flash. The problem with that is your SWF can be decompiled, giving access to all of your voucher codes, not a good idea.
If you use the PHP script, to access the text file containing the voucher codes, the name and location of the text file remains secret.
In effect, you would throw the voucher code at the PHP script and the script would return valid/invalid to your SWF. The list of valid voucher codes would never be revealed.
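A sketch of the valid/invalid check described in the post above, as an added example that is not code from any poster in this thread. The file path, the one-code-per-line format, the POST field name `code` and the 4-32 character code format are all assumptions.

```php
<?php
// Added example: validate a voucher code server-side and reply only valid/invalid.
// Assumptions (not from the thread): VOUCHER_FILE path, one code per line,
// the POST field name "code", and the 4-32 character code format.

const VOUCHER_FILE = __DIR__ . '/../data/vouchers.txt'; // hypothetical path above public_html

/** Returns true only if $submitted exactly matches a stored code. */
function voucher_is_valid(string $submitted, array $storedCodes): bool
{
    $submitted = strtoupper(trim($submitted));
    // Reject anything that is not a plausible code before comparing.
    if (!preg_match('/^[A-Z0-9]{4,32}$/', $submitted)) {
        return false;
    }
    $match = false;
    foreach ($storedCodes as $code) {
        // hash_equals compares in constant time; no early exit, so the
        // response time does not depend on which entry matched.
        if (hash_equals(strtoupper(trim($code)), $submitted)) {
            $match = true;
        }
    }
    return $match;
}

/** Loads codes from disk; the filename is fixed, never taken from the request. */
function load_codes(string $path): array
{
    $lines = @file($path, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
    return $lines === false ? [] : $lines;
}

if (PHP_SAPI !== 'cli') {
    header('Content-Type: text/plain; charset=utf-8');
    header('Cache-Control: no-store');
    if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
        http_response_code(405);
        exit('invalid');
    }
    $code = isset($_POST['code']) && is_string($_POST['code']) ? $_POST['code'] : '';
    echo voucher_is_valid($code, load_codes(VOUCHER_FILE)) ? 'valid' : 'invalid';
} else {
    // Constructed sample data for a command-line self-check.
    $sample = ['SPRING2012', 'WELCOME10'];
    var_dump(voucher_is_valid(' spring2012 ', $sample)); // case/space normalised
    var_dump(voucher_is_valid('../vouchers', $sample));
}
```

The endpoint still answers every guess it is sent, so the codes should be long and random and requests should be rate-limited per client.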
markhad
01-22-2012, 02:39 PM
Thank you again, I appreciate you taking the time as I am inexperienced in websites.
So, I can make the PHP 755, which I assume means that nobody through a browser can open it, but Flash can execute it. I understand the concept of PHP reading the text file and returning to Flash either a SUCCESS/FAIL by opening its own text file. However, how do I 'hide' the location of this text file if it's in the public_html folder? Surely if it's in there, someone could find it just as they could find the XML?
audiopro
01-22-2012, 03:12 PM
The location of the text file would not be visible so the only way it could be found is if someone guessed the name of it, pretty unlikely but I suppose it is possible.
You could put the text file in a deeper directory, give it a meaningless name and a non-standard extension. All these things make it harder to guess the name of it. If you really want to go overboard, do all the things above and encrypt the content.
If you do put the text file in another directory, put a basic index page in there so that if someone manages to discover the name of the directory and tries to list its content, they are served with an HTML page rather than a file list. You should do that in every directory of your website anyway.
uplight
01-22-2012, 03:51 PM
if I use username/password of CPanel with Dreamweaver ftp access it gets me one level down public_html
(justhost provider)
audiopro
01-22-2012, 04:11 PM
I would simply create a text file in the same directory as your PHP script and give it a meaningless name, i.e. 'kkj7363hg.wob' - nobody is going to guess that.
Sometimes, the simplest security measures are the best.
uplight
01-22-2012, 04:20 PM
You're right,
but if you keep authentication control in this XML file and some of your co-workers find out you keep this file in public_html, what will you say at the next meeting?
markhad
01-22-2012, 04:21 PM
After some playing around, I think I've figured out that I can create a folder with htaccess Deny From All and put the XML in it. Flash cannot read it, but PHP can!
So, I think I'll use your idea of passing the suggested code to PHP from Flash which will search the XML and either return success/fail. As the XML is in a protected folder it cannot be seen in a browser, this should be pretty safe.
Thank you very much, I appreciate it!
audiopro
01-22-2012, 04:51 PM
I wouldn't rely on the htaccess file for security but that is your decision.
markhad
01-22-2012, 05:02 PM
I thought htaccess is secure?
uplight
01-22-2012, 05:21 PM
.htaccess is secure
You can also chmod the directory
audiopro
01-22-2012, 05:40 PM
I agree, you can chmod a directory, which makes htaccess irrelevant.
markhad
01-22-2012, 05:58 PM
Will do.