I am working on a project that uses PHP , AS3, and AMFPHP .
The project allows users to upload and download images among other things. Since I am fairly new to PHP/FLash security I have been trying to gather as much info about making things as secure as possible. I've got some good advise about using .htaccess files, and a few other tricks.
My main question at the moment is how to hide the "path" info from and to the PHP / assets / and to and from the AMFPHP services ...
Currently I have all the paths hard-coded in one .as that returns an object with the paths to any of the other classes that need/request it. I found this method to work well since I only need to change this one .AS , and it will branch out to the other classes that need it.
I'm not super worried about others decompiling my code, and they could probably "sniff" out the paths if they really wanted. I'm mostly concerned with allowing others easy access to all of my AMFPHP services or being allowed to parts of the site I do not wish them to be. basically I realize that things aren't gonna be 100% secure regardless, but would like to take precautions.
So my main question is ... Whats the best- simplest way to obscure / hide the paths being used in a PHP - AS3 project ? ... I entertained the possibly of PHP includes or even a SQL database if need be. I rather not spend a bunch of time and money on questionable obfuscatory software, unless there's a tried and true ( and inexpensive) one for flash (not flex). .. and I currently do not have a SSL but don't know how critical - common this is. --
