To be clear: Let us say I have a view app/default/view.html, which has a flash file (say FLASH.swf) embedded inside it. One can access this view only if s/he has proper permission. The flash file is supposed to be accessible only on permission too. But, what if someone tries to directly access the flash file (http://server/location/FLASH.swf)?
FWIW, the flash file is a legacy file and I can not change/remove it (at least not in near future).