Here is a chance for you to make my developers look bad.
I have hired these guys to development my website which, in part, has music demos available to my users. These demos must include the entire piece with a spoiler in the background so users can not record them freely. The files must be secure! My original request was to have them build an application that merged the two files (spoiler and original music) into a single mp3 file and have this available as the demo. Then it would be OK if users were to download the demo.
However, my developers choose to do it this way instead. They use Flash Player to play both the spoiler sound and the original music simultaneously. This seems to work OK except the browser window containing the demo includes the URL. Even a simple hack like me can use this URL to access the source code of the page and identify the mp3 (or other type) music file address. With this the music file can be freely downloaded (without the spoiler). My developer tells me he can not make the page appear without the URL. There must be a way to do this. Is there a way?
Here is a link to my web site page containing demos. You can click on the music icons to initiate the demo and see the browser window, with the URL exposed.
http://www.gracesskate closet.com/allMusicForsale .aspx?size=2
Note this site is under development and will be changing as better solutions are found. Note that my developer’s latest fix was to put a password on the music directory. I don’t know what he was thinking. This completely defeats the purpose of the demo. Users can no longer hear the demos. However, you can still see the browser window with the URL exposed as discussed here.
2 3924 kestrel 1,071
Recognized Expert Top Contributor
im a bit confused, you're asking if you can play the music without the direct link, correct?
Motoma 3,237
Recognized Expert Specialist
The only way to securely do this is by having the two sound files merged before they are every touched by Flash. I would strongly suggest that you maintain a "dirty" version of the sound file in the database along with the "clean" one and only download the clean one once it has been purchased. You would be quite smart to make sure that the locations (i.e. URLs) are not set up in such a way that there is no foreseeable relationship between the "dirty" and "clean" filenames/URLs.
The reason for this is that even though you may not be able to "see" the URL directly, someone could easily take a packet sniffer and use the relationship between the two files to extrapolate your entire database.
Additionally, your Flash application should never have direct contact to your "pay" content.
Finally, fire your smacktard employees and hire real programmers who are experienced in the use of business logic.
Sign in to post your reply or Sign up for a free account.
Similar topics |
by: TonyJeffs |
last post by:
This isn't really a Javascript question - apologies if inappropriate-
I don't know where to ask.
This code in my website works fine on some pcs - it automatically
loads media player and plays the music file when the page opens.
But on others, media player opens but the music file won't download.
As far as I can tell the setup of my laptop & desktop are similar (W98
2ed)
Why won't the following code work correctly on my laptop - and...
|
by: Sony Music CDs install Malware |
last post by:
Whether you are a web surfer or a C++ developer, if you use Windows be
cautioned about SONY music CDs. They contain 'viewer' type software that is
actually a trojan horse for a "rootkit". The licence agreement gives no
indication whatsoever that the 'viewer' software contains the implementation
of a nasty near-impossible to remove rootkit software.
http://www.sysinternals.com/blog/2005/10/sony-rootkits-and-digital-rights.html
...
|
by: paytam |
last post by:
How can I design a simple sound player in C.I also don't know the
structre of music files format.Please help me.
|
by: vladislavf |
last post by:
Hi All,
On my web server during an user request I generate dynamicaly a small
wav file and then send it to the browser by calling to:
Response.TransmitFile ( eventFileName );
The problem is that browser on a client machine opens automatically the
media player.
Is there a way to eliminate this behaviour ?
And another question:
Is there better way to implement this flow?
|
by: gnarl |
last post by:
Hello all,
I'm developing a site in PHP4 for a music artist, who wants music to
play across all their pages. I have loaded a simple flash applet to
play the music, but every time the visitor to the site moves to a
different page the music starts again. The artist would like the music
to play continuously.
I can only think of three possible ways to solve this, and I am not
happy with any of them.
| |
by: Suresh P |
last post by:
Hi All,
Is there any way other than frames to play music in the background of
the website without restart while navigating to different pages of the
website.
Because, frames will affect the SEO.
Is it possible to achieve it via cookies/sessions?
|
by: sniperelite |
last post by:
i had to create a program for a programming class final, it breaks dow like this. i have 2 textboxes for user input, a drivelistbox which is linked to a dirlistbox which is also linked to a filelistbox so the user can choose the drive his music is on then find the folder the music is in and if others are like me you have so much music it takes for ever to find the artist or song you are looking for so i made a button that searchs the filelistbox...
|
by: rabindra123 |
last post by:
hi everyone,
I want a music player for the greetings card which can run on .mp3,.midi,.mov file and also it should run in all the browser.Any idea plaese help
|
by: hsriat |
last post by:
Please suggest me a decent music player.
My requirements are:
JavaScript is able to add songs to the playlist dynamically.
JavaScript can select which song to play.
I don't care for 'music not being able to download'. Player doesn't have to have visible controls. Just a Play button is enough (that too controlled by JS)
Not a solution then some pointer towards how to start with?
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look !
Part I. Meaning of...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it.
First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
| |
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own....
Now, this would greatly impact the work of software developers. The idea...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms.
Adolph will...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols.
I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
| |
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
| |