...

View Full Version : protecting



arne
01-08-2006, 11:56 AM
Hi, i'm making a site for a starting DJ, but when i put a song of him online, everybody is able to download it (by looking at the source code and following the url that leads to the .mp3 file. Is there a way to encode it so it's not possible om some other way to make sure people can't rip the music file of the site?
Help would be greatly appreciated !
THANX in advance !

vinyl-junkie
01-08-2006, 04:10 PM
Put it in a password protected directory.

arne
01-08-2006, 07:11 PM
That won't help, cause it's meant to work this way:
People can listen the song, but not download it. If you put it in a password protected map they can't listen it, until they put in the password, but if they put in the password to hear it, they will also be able to download it, or am i wrong?

Kurashu
01-08-2006, 08:11 PM
Use a flash player and use this .htaccess in the mp3 directory.



Order Deny,Allow
Deny from all
Allow localhost

felgall
01-08-2006, 09:21 PM
If they can listen to it they can dowload it. Decide whether you want to allow people to do both or neither.

Element
01-08-2006, 09:54 PM
You could use what Kurashu suggested. You could even have the player open a dynamic PHP file with the song opened in it, and if a user access that file, it won't open the music. For example, if they went to the file you could simply do something like:




if($_SERVER['HTTP_USER_AGENT']) {
die("Blah");
}



Don't know if it would work, never tried it.

GJay
01-08-2006, 10:19 PM
If someone can listen to the file, they can record it.
There are things can stop some people, but nothing to make it impossible.

ralph l mayo
01-08-2006, 10:26 PM
Putting it in a playlist will stop a lot of people. It's just a plaintext file with the extension .m3u and the url location of your mp3 in it. It'll stop some direct downloads because it tends to get set up to launch automatically in their mp3 players and I don't think a lot of people realize the format is human readable.

Element
01-08-2006, 10:28 PM
Thats obvious, but with ALL web design, no matter the purpose you always assume users are regular surfers. I mean if they go out of there way and desperatley want the song illegally then there is not much to stop them, you just have to assume your viewers regular surfers, so you limit what you can a and hope everything works out.

My friend usually made his own Java player that had the song list built in, so that way they don't see any songs in the applet or anything, but once again if they really wanted to they could use a download manager to download the jar files if you don't have the right APACHE configurations.

Kurashu
01-09-2006, 12:22 AM
If someone can listen to the file, they can record it.
There are things can stop some people, but nothing to make it impossible.

True, you can get almost anything if you really want it. But using a flash player and .htaccess file (with a deny from all except localhost) will stop most of anything short of hacking the server or recording it (in which case, you have ambient sound to deal with).

I'm sure using my method will protect the DJ well enough.

marek_mar
01-09-2006, 12:26 AM
(with a deny from all except localhost)
Wouldn't the flash plug-in/player connect from the users PC?

missing-score
01-09-2006, 12:35 AM
Thats obvious, but with ALL web design, no matter the purpose you always assume users are regular surfers. I mean if they go out of there way and desperatley want the song illegally then there is not much to stop them, you just have to assume your viewers regular surfers, so you limit what you can a and hope everything works out.

NO NO NO!

You assume all users are malicous users, and think about ways that you can get round it, for example if you need to stop people spamming you brainstorm ideas. Assuming all users are regular users is very dangerous and is also something that will severly hold you back.

felgall
01-09-2006, 01:31 AM
Everything that a person sees in their web browser comes from their computer having been downloaded there first. 99.9999% of visitors will respect your ownership of what you have there and will not try to steal it. There is nothing you can do to stop the other .0001% from taking anything from your site that they decide that they want.

missing-score
01-09-2006, 01:37 AM
Everything that a person sees in their web browser comes from their computer having been downloaded there first. 99.9999% of visitors will respect your ownership of what you have there and will not try to steal it. There is nothing you can do to stop the other .0001% from taking anything from your site that they decide that they want.
I think those figures are a bit misleading but my point is that you cant assume anything. Some sites will get much more in the way of troublesome users compared to other sites. My point is that if you assume all your users are malicious you will write something much more secure than if you assume 1/10,000 people are malicious.

Kurashu
01-09-2006, 04:29 AM
Wouldn't the flash plug-in/player connect from the users PC?

Yeah, but the flash script would access the data serverside. Deny would block the entry of the browser but not the flash script which resides on the server, which is allowed due to allow localhost.

I'm pretty sure this'd work.

firepages
01-09-2006, 06:37 AM
I think marek_mar is right in that the flash is clientside and the request is then not going via localhost ? , but if thats the case then you can simply get flash to call a wrapper.php which itself returns the mp3 (that request is via localhost for sure)

even that request would still be easy enough to sniff but I doubt most would know/bother ?

arne
01-09-2006, 06:58 PM
Thank you all for your reactions, it helped me a lot (i've got some ideas now). The numbers of 99,99% 'good' users and 0.01% bad users is totally depending on the site. If you have a site without music, it might be possible. But the DJ is quite popular, and his music is sold, and is not for free for everybody, so that will change the % bigtime !

missing-score
01-09-2006, 07:09 PM
I think marek_mar is right in that the flash is clientside and the request is then not going via localhost ? , but if thats the case then you can simply get flash to call a wrapper.php which itself returns the mp3 (that request is via localhost for sure)

even that request would still be easy enough to sniff but I doubt most would know/bother ?
Yeah he is, flash HTTP requests are the same as any other requests unless you are using some special method of connecting to the server.



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum