how can you allow a mp3 to play but make it hard to steal it off of the server ?

Discussion in 'Javascript' started by surf, Jan 22, 2007.

  1. surf

    surf Guest

    I got the code below off of Orielly and the download part is commented
    out. It allows someone to play a mp3 off of your web server. My friend
    has a cheap $10/year 1and1.com account and I couldln't figure out all
    what it has, but I just hacked some html and set up a page so people
    can play our songs. I then realized however that the file name is right
    in the html page and people could probably easily steal the file off
    the server. What can I do about that ? What is a better way to easily
    allow them to play the mp3 but make it hard to steal it ?


    ----------------------------------------


    <html>


    <a href="heighest_heav.mp3" target="_blank"
    onclick="javascript:playerOpen('Ex. 1: Acoustic Guitar',this.href);
    return false">Play Some Guitar</a>


    <script language="JavaScript" type="text/javascript">

    var UniqueID = 314 // Make each link open in a new window
    var newWinOffset = 0 // Position of first pop-up

    function PlayerOpen(soundfiledesc,soundfilepath) {
    PlayWin = window.open('',UniqueID,'width=320,height=190,top=' +
    newWinOffset
    +',left=0,resizable=0,scrollbars=0,titlebar=0,toolbar=0,menubar=0,status=0,directories=0,personalbar=0');
    PlayWin.focus();

    var winContent = "<HTML><HEAD><TITLE>" + soundfiledesc +
    "</TITLE></HEAD><BODY bgcolor='#FF9900'>";
    winContent += "<B
    style='font-size:18px;font-family:Verdana,sans-serif;line-height:1.5'>"
    + soundfiledesc + "</B>";

    winContent += "<OBJECT width='300' height='42'>";
    winContent += "<param name='SRC' value='" + soundfilepath + "'>";
    winContent += "<param name='AUTOPLAY' VALUE='true'>";
    winContent += "<param name='CONTROLLER' VALUE='true'>";
    winContent += "<param name='BGCOLOR' VALUE='#FF9900'>";
    winContent += "<EMBED SRC='" + soundfilepath + "' AUTOSTART='TRUE'
    LOOP='FALSE' WIDTH='300' HEIGHT='42' CONTROLLER='TRUE'
    BGCOLOR='#FF9900'></EMBED>";
    winContent += "</OBJECT>";

    <!-- winContent += "<p
    style='font-size:12px;font-family:Verdana,sans-serif;text-align:center'><a
    href='" + soundfilepath +"'>Download this file</a> <SPAN
    style='font-size:10px'>(right-click or Option-click)</SPAN></p>";
    -->

    winContent += "<FORM><DIV align='center'><INPUT type='button'
    value='Close this window'
    onclick='javascript:window.close();'></DIV></FORM>";
    winContent += "</BODY></HTML>";

    PlayWin.document.write(winContent);
    PlayWin.document.close(); // "Finalizes" new window
    UniqueID = UniqueID + 1 // newWinOffset = newWinOffset + 20 //
    subsequent pop-ups will be this many pixels lower
    }
    </script>

    </html>
    surf, Jan 22, 2007
    #1
    1. Advertising

  2. surf

    dd Guest

    I'm not an expert in this field but I'll throw in my
    2 cents worth.

    Basically you can't stop it 100%. The best you
    can do is to make it difficult so that the dumbest
    of users can't do it.

    First of all, don't have the pathname of the mp3
    directly visible when someone hovers over a link.
    They can most likely just right-click it and select
    "save target as" and they've got it. Have the click
    go to a javascript function instead. Disabling right
    click on the page can also help. A lot of sites do
    that to prevent people saving images.

    It's easy enough for an advanced user to get around
    that by using Fiddler or Charles which shows all
    http requests and allows you to copy the URL of
    the mp3 file. I do that occasionally to grab a .swf
    file. You can also look in your browser cache too.
    Setting the TTL (time to live) on the files can work
    around that to some extent.

    To get around people who've somehow managed to
    get the URL of the mp3 file from then going ahead
    and downloading it by putting the address into their
    browser directly, or into a download manager, is to
    setup the server properly. It would need to not allow
    http requests to the mp3 files unless the REFERRER
    is your domain. This is what automatically happens
    when your web page requests your mp3 file. Built into
    the request is REFERRER=yourdomain. Anyone who
    got the URL and tried to use it directly would fail that
    request. Beware, there are IE6/IE7 issues here. I think
    one of them has referrer issues where it's set wrong
    sometimes.

    A more expensive solution is to have an embedded
    player in the web page and to stream to it. Anyone
    with TotalRecorder can just record the sound playing
    on their PC anyway (using the record "what you hear"
    option). I imagine myspace does this but I haven't
    looked into it.

    Even if you do all this, it won't stop the copyright
    owners of the mp3 (if that's not you) being annoyed
    that you're airing their content without permission
    and making it possible (even if difficult) for it to be
    stolen.
    dd, Jan 23, 2007
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Daniel Dyer
    Replies:
    6
    Views:
    19,891
    Knute Johnson
    Jan 22, 2006
  2. Just Allan
    Replies:
    3
    Views:
    430
    Just Allan
    Jun 26, 2004
  3. Asle Frantzen

    Mp3-player - how to play an mp3?

    Asle Frantzen, Jul 8, 2003, in forum: C++
    Replies:
    5
    Views:
    667
    Kelsey Bjarnason
    Jul 22, 2003
  4. Piter
    Replies:
    1
    Views:
    339
  5. HY Tech
    Replies:
    0
    Views:
    616
    HY Tech
    Sep 7, 2003
Loading...

Share This Page