
View Full Version : Flash + PHP --> Security !!


yestomike
01-16-2007, 05:55 AM
I have a question on a security matter.
I use the sendAndLoad function to send data to and receive data from a PHP file,
which means that if I send certain data to the PHP file, it will process the variables received (POST) and then retrieve the relevant data from the database or insert/update data in the database. Since the SWF and PHP files are on different servers, the URL in the sendAndLoad function will be something like "http://www.myhome.com/something.php", and that worries me a bit, because if someone uses SWF decompiler software, the PHP file is effectively exposed to the public: "hackers" can easily create another SWF file and use sendAndLoad against the same URLs I use, and they get access to the database via the PHP files. And remember, the PHP file does not just retrieve data from the database, it also writes to the database; this is the part that worries me. So ... is there any solution!?
I'm actually thinking about making the PHP file recognize and respond only to the SWF I created, maybe with session control or an MD5 hash or something else ... I don't know ~
Actually, the Flash file I created is a plugin for a blog, which means the SWF file and the PHP file are on the same server, but the SWF file is embedded into pages on many different servers ... any idea how I can solve this security issue!? Example code would be appreciated ~

saumya
01-16-2007, 07:00 AM
but the swf file is embedded into pages on all different servers
Are you getting the data from the server in all the different servers where the SWF is embedded!?
You will not be getting data from different servers unless there is a cross-domain policy file in the root of the server from which you are getting data. This policy file defines the servers which are able to get data from this server.

yestomike
01-16-2007, 07:58 AM
Are you getting the data from the server in all the different servers where the SWF is embedded!?
You will not be getting data from different servers unless there is a cross-domain policy file in the root of the server from which you are getting data. This policy file defines the servers which are able to get data from this server.

The embedded pages in all the different locations are getting data from the server without any problem. The following is an example ~
<embed src="http://www.myhome.com/blog_plugin/blog.swf?id=15" allowScriptAccess="always" type="application/x-shockwave-flash" width="160" height="350"/>

When the SWF is loaded, it executes the ActionScript sendAndLoad(),
e.g. xxx.sendAndLoad("http://www.mypage.com/blog_plugin/init.php", Lindex_lv, "POST");

which sends variables to the init.php file via the $_POST method. When init.php receives certain variable(s), it decides what action(s) should be taken with the database, requesting data or writing to the database, which means the PHP file actually does all the communication with the database; if it receives a "write command" from the SWF file, it will "write" to the database. In fact, not only the SWF can access the database via the PHP file: any HTML that sends $_POST variables with the right variable names and values to the right PHP file can cause that PHP file to do its job (communicate with the database). Therefore I have to find a way to prevent the PHP files from doing so ~ any idea how?
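The point raised in both of yestomike's posts (the first question and the restatement above) is that nothing in a SWF can be trusted to identify "my SWF": a decompiled or re-created client can send the same POST fields, so a secret embedded in the Flash file, MD5-hashed or not, is also in the attacker's hands. What the PHP side can do is stop relying on the client at all: keep reads public, and allow writes only when the request carries a capability the attacker cannot obtain, such as a short-lived token signed with a secret that lives only on the server and is issued only to a logged-in session that owns the blog. The following is an added example, not code from the thread, written in Python as a stand-in for what init.php and the write handler would do. The blog-ownership table, the session table, the secret and the field names are all constructed for the illustration.

```python
# Added example, not from the thread: server-side authorization for a
# write endpoint that any client can reach. Python stands in for the PHP
# handler; data below is constructed for the illustration.
import hashlib
import hmac
import time

SERVER_SECRET = b"example-only-change-me"   # lives only on the server, never in the SWF
BLOG_OWNERS = {15: "alice"}                 # constructed: blog id -> owning user
SESSIONS = {"sess-alice-1": "alice"}        # constructed: cookie value -> user, set at login
TOKEN_TTL = 300                             # seconds a write token stays valid


def _sign(blog_id, user, expires):
    """HMAC over every field the write decision depends on."""
    msg = f"{blog_id}|{user}|{expires}".encode()
    return hmac.new(SERVER_SECRET, msg, hashlib.sha256).hexdigest()


def handle_init(post, cookies, now=None):
    """What init.php returns when the SWF starts.

    Reads are public, so the rows come back regardless of who asks. A write
    token is issued only when the request carries a login session whose user
    owns the requested blog; a re-created SWF without that session gets the
    same public data and no token.
    """
    now = int(time.time()) if now is None else now
    blog_id = int(post.get("id", 0))
    if blog_id not in BLOG_OWNERS:
        return {"status": 404, "rows": [], "write_token": None}
    reply = {"status": 200, "rows": [f"entry for blog {blog_id}"], "write_token": None}
    user = SESSIONS.get(cookies.get("sid"))
    if user is not None and BLOG_OWNERS[blog_id] == user:
        expires = now + TOKEN_TTL
        reply["write_token"] = {"id": blog_id, "user": user, "exp": expires,
                                "sig": _sign(blog_id, user, expires)}
    return reply


def handle_write(post, now=None):
    """What the writing endpoint checks before it touches the database.

    Every field the decision depends on is covered by the HMAC, so changing
    id, user or exp in the request invalidates the signature. Ownership is
    re-checked against the server's own table rather than trusted from the
    client, and compare_digest keeps the signature check constant-time.
    """
    now = int(time.time()) if now is None else now
    try:
        blog_id = int(post["id"])
        user = str(post["user"])
        expires = int(post["exp"])
        sig = str(post["sig"])
        text = str(post["text"])
    except (KeyError, ValueError):
        return {"status": 400, "error": "missing or malformed field"}
    if now >= expires:
        return {"status": 403, "error": "token expired"}
    if not hmac.compare_digest(sig, _sign(blog_id, user, expires)):
        return {"status": 403, "error": "bad signature"}
    if BLOG_OWNERS.get(blog_id) != user:
        return {"status": 403, "error": "not the owner"}
    if not 0 < len(text) <= 2000:          # input validation still applies to authorized writes
        return {"status": 400, "error": "bad text"}
    # A real handler would run a prepared INSERT/UPDATE here.
    return {"status": 200, "written": {"blog": blog_id, "by": user, "text": text}}


if __name__ == "__main__":
    t0 = 1_700_000_000
    # 1. The owner's logged-in browser loads the SWF: data plus a write token.
    owner = handle_init({"id": "15"}, {"sid": "sess-alice-1"}, now=t0)
    tok = owner["write_token"]
    print(handle_write({**tok, "text": "hello"}, now=t0 + 10))
    # 2. An attacker's own SWF on another host, no login: public data, no token.
    print(handle_init({"id": "15"}, {}, now=t0))
    # 3. The attacker forges a token for blog 15: the signature check fails.
    print(handle_write({**tok, "sig": "0" * 64, "text": "pwned"}, now=t0))
    # 4. A captured token replayed after it expired.
    print(handle_write({**tok, "text": "late"}, now=t0 + TOKEN_TTL + 1))
```

The same structure maps directly onto PHP: the signature is hash_hmac('sha256', ...) with the secret read from server-side configuration, the comparison is hash_equals(), and the session lookup is whatever the blog's login already provides. The attacker's SWF can still call init.php and read whatever is public, which is fine because reads were public anyway; what it cannot do is produce a valid write token, because the secret and the ownership check never leave the server.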