Hiding MP3 sources - my not-so-great solution. Any advice to make it better?

Remy

Mar 16, 2010, 6:45:27 AM
to jPlayer: the CSS styleable jQuery audio player plugin
Hi,

In my current project, I'd like my visitors to be able to stream MP3s
but not to download them. I know there's no surefire way to do that
but I want to protect them as well as possible. I only use jPlayer in
Flash mode.

My first step: using an intermediate file. Let's call it music.php.
All my URLs in the playlist are formed like this: music.php?id=xxxx.
The mp3 file is served from this file using headers (I also make sure
that the MP3s don't stay in the user's cache). This way I obfuscate
the real physical address of my mp3s.

I then use an htaccess file to make sure my MP3s are called from the
site (using RewriteCond and the HTTP_REFERER property). Since my mp3s
must always be called by music.php, I make sure the download from an
external site is disabled in case someone found the real physical
address of my mp3s.

My problem: at first I intended to protect music.php the same way,
since it is called by the jplayer I expected the HTTP_REFERER to
contain the address of my site, but it's actually empty! So, I have to
allow access to music.php for an empty referer. Thus, if someone
pastes the music.php?id=xxxx address in their browser, they will
download the MP3.

Possible workaround: one solution I thought of and have to test, was
to set a session data with the current timestamp every time the jplayer
starts playing a song, using AJAX. Then, my music.php file would check
if this session data exists and would only allow pointing to the mp3
in the few seconds after the jplayer launched a track. I have to make
sure this works and this is no surefire solution, but this is the only
one I thought of.

Please let me know what you think!

All the best,

Remy

Jonathan

Mar 16, 2010, 6:54:21 AM
to jpl...@googlegroups.com
On Tue, Mar 16, 2010 at 10:45 AM, Remy <remyd...@gmail.com> wrote:
Possible workaround: one solution I thought of and have to test, was
to set a session data with the current timestamp every time the jplayer
starts playing a song, using AJAX. Then, my music.php file would check
if this session data exists and would only allow pointing to the mp3
in the few seconds after the jplayer launched a track.

I suppose, additionally, you could have a server-side script which would create a one-use symlink to the real file.
In other words, dfoiuwefknas.mp3 could actually be symlinked to music.mp3. As soon as the player started playing, that symbolic link would die.
Then, anyone looking at the source would see dfoiuwefknas.mp3 but that could actually point to a file called dontsteal.mp3 which could be a voice of someone saying "please visit our site to hear the music".
 

Remy

Mar 16, 2010, 9:57:04 AM
to jPlayer: the CSS styleable jQuery audio player plugin
Hi Jonathan,

Thanks for the very quick reply.
It sounds like an interesting solution, but I have no clue how to do
that! Could you please elaborate?

Mark P

Mar 16, 2010, 3:11:23 PM
to jPlayer: the CSS styleable jQuery audio player plugin
This thread here covers a similar topic:
http://groups.google.com/group/jplayer/browse_thread/thread/b34a5ebb19f53e74

Best regards,
Mark P.

Remy

Mar 17, 2010, 7:21:35 PM
to jPlayer: the CSS styleable jQuery audio player plugin
Thanks Mark.

The timestamp solution I had imagined works pretty well, I posted
extra details on it on the thread you linked.

Regards,

Remy
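
The timestamp window from the first post and the one-use link suggested in the reply can be combined into a single session-bound token that music.php redeems once. This is an added example, not code posted in the thread; the function names, the `t` URL parameter and the 5-second lifetime are assumptions.

```php
<?php
// Added example, not code from the thread. Function names, the "t" URL
// parameter and the 5-second lifetime are assumptions.
const TOKEN_TTL = 5;

// AJAX endpoint the player calls just before it starts a track.
function issue_play_token(array &$session, string $trackId, int $now): string
{
    // Drop tokens that were issued but never redeemed in time.
    $session['play_tokens'] = array_filter(
        $session['play_tokens'] ?? [],
        fn($e) => $e['expires'] >= $now
    );
    $token = bin2hex(random_bytes(16)); // unguessable, unlike a bare timestamp
    $session['play_tokens'][$token] = ['track' => $trackId, 'expires' => $now + TOKEN_TTL];
    return $token;
}

// Top of music.php, before any header or audio byte is sent.
function redeem_play_token(array &$session, $token, $trackId, int $now): bool
{
    if (!is_string($token) || !is_string($trackId)) {
        return false; // e.g. ?t[]=x arrives as an array
    }
    $entry = $session['play_tokens'][$token] ?? null;
    unset($session['play_tokens'][$token]); // one use, even if a later check fails
    if ($entry === null || $now > $entry['expires']) {
        return false; // never issued, already used, or too old
    }
    return $entry['track'] === $trackId; // token is bound to one track
}

// In music.php (assumed wiring):
//   session_start();
//   if (!redeem_play_token($_SESSION, $_GET['t'] ?? null, $_GET['id'] ?? null, time())) {
//       http_response_code(403);
//       exit;
//   }

// Constructed demo: a plain array stands in for $_SESSION, timestamps are made up.
if (PHP_SAPI === 'cli') {
    $session = [];
    $t = issue_play_token($session, '42', 1000);
    var_dump(redeem_play_token($session, $t, '42', 1002)); // the player's own request
    var_dump(redeem_play_token($session, $t, '42', 1003)); // same URL pasted afterwards
    $late = issue_play_token($session, '42', 2000);
    var_dump(redeem_play_token($session, $late, '42', 2010)); // outside the window
}
```

A client that holds a valid session can still record the stream it is served; the token only stops a copied music.php URL from working later or from another session.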
