I want users to be able to upload mp3s and also be able to play them through a player embedded on a page. I know it's impossible to stop dedicated users from copying the audio by directly recording it from the computers output but I want to make it difficult or impossible for a user to just copy a URL and paste it which will allow them direct access to the data.
Currently, what I am doing is:
The problem is the url to the controller that feeds the data is accessable. So if a user looks at the source of the page and copy pastes the url in the address bar, the web server will happily spew the mp3 data to them.
Does anyone have any suggestions on how to make this more difficult to do? Thanks.
Use a PHP script to mask the location so
http://www.site.com/files/foo.mp3
Becomes
http://www.site.com/files.php?fn=foo.mp3
Flash is probably the next step from there. Maybe have it used some form of one-time id to authorize the download using shared state. Your session_id will come in helpful here.
Remember: Flash may keep a cache in some temporary folder ... I know I used to find /tmp/aiden-sdjks/foo.mp3 on some players. There might be a better streaming solution in flash that takes another file format on the backend?
At least this stops people looking in the source and finding the URL. Unless they go to the effort of reverse engineering the player and writing their own to spit out the download.
Security through obscurity is a dangerous road to head down however. Someone, with enough effort, will always succeed. Look at how BBCIplayer does their DRMification, might help.