Deny access to XML files

Is there a way to deny direct access to a XML file without affecting access to the 开发者_C百科SWF?

Just if you implement a way to validate the SWF itself at the site, like using GET or POST variables. The XML requested by the SWF is retrieved by the browser.

The GET or POST validation will grant access to the file to the right request, so if someone understands the scheme it'll be able to request the file from any browser.

You will always be able to intercept the XML file on the way to the SWF using a HTTP debugger like Fiddle. So there is no point trying to hide it.