how can you allow a mp3 to play but make it hard to steal it off of the server ?

S

surf

I got the code below off of Orielly and the download part is commented
out. It allows someone to play a mp3 off of your web server. My friend
has a cheap $10/year 1and1.com account and I couldln't figure out all
what it has, but I just hacked some html and set up a page so people
can play our songs. I then realized however that the file name is right
in the html page and people could probably easily steal the file off
the server. What can I do about that ? What is a better way to easily
allow them to play the mp3 but make it hard to steal it ?


----------------------------------------


<html>


<a href="heighest_heav.mp3" target="_blank"
onclick="javascript:playerOpen('Ex. 1: Acoustic Guitar',this.href);
return false">Play Some Guitar</a>


<script language="JavaScript" type="text/javascript">

var UniqueID = 314 // Make each link open in a new window
var newWinOffset = 0 // Position of first pop-up

function PlayerOpen(soundfiledesc,soundfilepath) {
PlayWin = window.open('',UniqueID,'width=320,height=190,top=' +
newWinOffset
+',left=0,resizable=0,scrollbars=0,titlebar=0,toolbar=0,menubar=0,status=0,directories=0,personalbar=0');
PlayWin.focus();

var winContent = "<HTML><HEAD><TITLE>" + soundfiledesc +
"</TITLE></HEAD><BODY bgcolor='#FF9900'>";
winContent += "<B
style='font-size:18px;font-family:Verdana,sans-serif;line-height:1.5'>"
+ soundfiledesc + "</B>";

winContent += "<OBJECT width='300' height='42'>";
winContent += "<param name='SRC' value='" + soundfilepath + "'>";
winContent += "<param name='AUTOPLAY' VALUE='true'>";
winContent += "<param name='CONTROLLER' VALUE='true'>";
winContent += "<param name='BGCOLOR' VALUE='#FF9900'>";
winContent += "<EMBED SRC='" + soundfilepath + "' AUTOSTART='TRUE'
LOOP='FALSE' WIDTH='300' HEIGHT='42' CONTROLLER='TRUE'
BGCOLOR='#FF9900'></EMBED>";
winContent += "</OBJECT>";

<!-- winContent += "<p
style='font-size:12px;font-family:Verdana,sans-serif;text-align:center'><a
href='" + soundfilepath +"'>Download this file</a> <SPAN
style='font-size:10px'>(right-click or Option-click)</SPAN></p>";
-->

winContent += "<FORM><DIV align='center'><INPUT type='button'
value='Close this window'
onclick='javascript:window.close();'></DIV></FORM>";
winContent += "</BODY></HTML>";

PlayWin.document.write(winContent);
PlayWin.document.close(); // "Finalizes" new window
UniqueID = UniqueID + 1 // newWinOffset = newWinOffset + 20 //
subsequent pop-ups will be this many pixels lower
}
</script>

</html>
 
D

dd

I'm not an expert in this field but I'll throw in my
2 cents worth.

Basically you can't stop it 100%. The best you
can do is to make it difficult so that the dumbest
of users can't do it.

First of all, don't have the pathname of the mp3
directly visible when someone hovers over a link.
They can most likely just right-click it and select
"save target as" and they've got it. Have the click
go to a javascript function instead. Disabling right
click on the page can also help. A lot of sites do
that to prevent people saving images.

It's easy enough for an advanced user to get around
that by using Fiddler or Charles which shows all
http requests and allows you to copy the URL of
the mp3 file. I do that occasionally to grab a .swf
file. You can also look in your browser cache too.
Setting the TTL (time to live) on the files can work
around that to some extent.

To get around people who've somehow managed to
get the URL of the mp3 file from then going ahead
and downloading it by putting the address into their
browser directly, or into a download manager, is to
setup the server properly. It would need to not allow
http requests to the mp3 files unless the REFERRER
is your domain. This is what automatically happens
when your web page requests your mp3 file. Built into
the request is REFERRER=yourdomain. Anyone who
got the URL and tried to use it directly would fail that
request. Beware, there are IE6/IE7 issues here. I think
one of them has referrer issues where it's set wrong
sometimes.

A more expensive solution is to have an embedded
player in the web page and to stream to it. Anyone
with TotalRecorder can just record the sound playing
on their PC anyway (using the record "what you hear"
option). I imagine myspace does this but I haven't
looked into it.

Even if you do all this, it won't stop the copyright
owners of the mp3 (if that's not you) being annoyed
that you're airing their content without permission
and making it possible (even if difficult) for it to be
stolen.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

Forum statistics

Threads
473,754
Messages
2,569,520
Members
44,996
Latest member
rainocode

Latest Threads

Top