How can I prevent users from downloading MP3s directly

蓝咒 提交于 2019-12-09 01:39:47

问题


I'm building a web-radio like service, in which the user authenticates to the services, gets a cookie and a Flash-based app plays mp3s from the server. The server only delivers if the client is allowed for that particular mp3.

If a user opens a HTTP logger (like FireBug), he can see the files being downloaded by flash. If he opens the mp3 URL directly via the address bar, he can easily download the MP3, although the URLs are not guessable by the user.

I'm looking for a safe system to prevent the user from downloading the MP3 directly to his system. I have examined last.fm, as they use a similar setup, and somehow they prevent it.


回答1:


In the end, you're not going to be able to stop someone who's determined. However, you can at least make it difficult.

There are several options involving referrer checks, authentication, and fun stuff like that. But probably the most successful anti-downloading check I've seen was one that works like this:

The user indicates that he wants to stream a file; the app makes an authenticated, encrypted request indicating his desired action. The result is a one-use-only and time-limited URL that is recognized by whatever application or CDN is hosting the file. After the URL is used once (i.e. by the flash app) it then expires and can never be used again. If the streaming does not start within a given amount of time (several seconds), the URL likewise expires. Obviously the URL given does not directly correspond to the file name, but is instead authenticated, decoded, and translated server-side.

It's still not impossible to work around, but it's fairly difficult.




回答2:


You might use RTMP instead of HTTP to deliver audio data. RTMP is meant to be used for streaming audio, video and misc data. It streams just data rather than a file. It's not 100% safe, because if something gets to client (browser, flash player, whatever), user can save it, but it's still better than giving a file via HTTP.

You will need a server that supports RTMP though, e.g., Flash Media Server (FMS), Wowza or Red5.



来源:https://stackoverflow.com/questions/7595930/how-can-i-prevent-users-from-downloading-mp3s-directly

标签
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!