By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
434,808 Members | 1,477 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 434,808 IT Pros & Developers. It's quick & easy.

Music Player Security - How do I hide the browser URL?

P: 1
Here is a chance for you to make my developers look bad.

I have hired these guys to development my website which, in part, has music demos available to my users. These demos must include the entire piece with a spoiler in the background so users can not record them freely. The files must be secure! My original request was to have them build an application that merged the two files (spoiler and original music) into a single mp3 file and have this available as the demo. Then it would be OK if users were to download the demo.

However, my developers choose to do it this way instead. They use Flash Player to play both the spoiler sound and the original music simultaneously. This seems to work OK except the browser window containing the demo includes the URL. Even a simple hack like me can use this URL to access the source code of the page and identify the mp3 (or other type) music file address. With this the music file can be freely downloaded (without the spoiler). My developer tells me he can not make the page appear without the URL. There must be a way to do this. Is there a way?

Here is a link to my web site page containing demos. You can click on the music icons to initiate the demo and see the browser window, with the URL exposed.

http://www.gracesskatecloset.com/allMusicForsale.aspx?size=2

Note this site is under development and will be changing as better solutions are found. Note that my developerís latest fix was to put a password on the music directory. I donít know what he was thinking. This completely defeats the purpose of the demo. Users can no longer hear the demos. However, you can still see the browser window with the URL exposed as discussed here.
May 15 '07 #1
Share this Question
Share on Google+
2 Replies


kestrel
Expert 100+
P: 1,071
im a bit confused, you're asking if you can play the music without the direct link, correct?
May 15 '07 #2

Motoma
Expert 2.5K+
P: 3,235
The only way to securely do this is by having the two sound files merged before they are every touched by Flash. I would strongly suggest that you maintain a "dirty" version of the sound file in the database along with the "clean" one and only download the clean one once it has been purchased. You would be quite smart to make sure that the locations (i.e. URLs) are not set up in such a way that there is no foreseeable relationship between the "dirty" and "clean" filenames/URLs.

The reason for this is that even though you may not be able to "see" the URL directly, someone could easily take a packet sniffer and use the relationship between the two files to extrapolate your entire database.

Additionally, your Flash application should never have direct contact to your "pay" content.

Finally, fire your smacktard employees and hire real programmers who are experienced in the use of business logic.
May 16 '07 #3

Post your reply

Sign in to post your reply or Sign up for a free account.