vahid
Envato team
says

Hi All, I’ve just added some information in the FAQs on the inclusion of PHP scripts in Flash files. Here it is in a nutshell:

No running PHP on Eden/FlashDen servers.

Allowing people to run executable code on Eden servers is terrible for security (and even performance). For demo/preview purposes Authors can either:

‘stub’ out a file’s output (say a PHP file that reads all images in a folder and spits it out to XML that a Flash file can understand), or upload working PHP applications to their own server. For Flash to talk from flashden.net to the PHP application on another domain the Author must add a file called ‘crossdomain.xml’ with access permissions for flashden.net.

Note that if the Author chooses to host the PHP application on a separate server, this will add an external dependency to their file, so the Author would be responsible for any downtime of their PHP application. Additionally there is the possibility of FlashDen causing a high amount of bandwidth to be consumed, and they should be aware of that. We do not check PHP files – at all.

We do not allow PHP to be run on Eden/FlashDen servers and we do not check PHP code. If the Item contains any code, we assume that the Author has checked it for quality purposes; however, please use at your own risk.

Authors should specify minimum PHP version (i.e. 4 or 5)

There are some significant differences between PHP 4 and 5, and this needs to be specified to prevent problems. Author can specify this in the description text box.

Authors need to handle magic quotes.

This is worth its own mention. This directive is typically make or break between hosts, and is turned on or off depending on the System Admin’s preference.

Buyers need to be familiar with common PHP security issues.

There are quite a few, especially because you’re usually running on shared hosts, and even more so because there is basically no built-in input sanity checking.

There is loads of decent information on PHP security on the subject – just do a quick search on Google.
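An added example, not part of the original post: a minimal ‘crossdomain.xml’ of the kind described above, placed at the web root of the Author’s own server so that only Flash content served from flashden.net may read responses from the PHP application. That the preview is served from exactly flashden.net (and not a subdomain) is an assumption to check, since policy domains are matched by name.

```xml
<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
  <!-- Only this root policy file is honoured; policy files elsewhere on the host are ignored. -->
  <site-control permitted-cross-domain-policies="master-only"/>

  <!-- Grant read access to Flash content loaded from flashden.net only. -->
  <allow-access-from domain="flashden.net"/>

  <!--
    Overly permissive form to avoid: lets Flash content from ANY site
    read responses from this server.
    <allow-access-from domain="*"/>
  -->
</cross-domain-policy>
```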

ryan
says

Yep :) And this is an evolving policy based on my 2 year old knowledge of PHP. If you’re doing any PHP and want to contest any of these rules, please do.

flashjunkie
says

Good stuff, I tend to host the entire file on my server when using PHP, seems to run better :)

Jay
