如何使用户难以将mp3文件从我的网站保存到他们的硬盘上?
[英]How do I make it difficult for users to save mp3 files from my site to their hard drives?
问题描述
I want users to be able to upload mp3s and also be able to play them through a player embedded on a page. 
我希望用户能够上传mp3,也可以通过嵌入在页面上的播放器进行播放。 I know it's impossible to stop dedicated users from copying the audio by directly recording it from the computers output but I want to make it difficult or impossible for a user to just copy a URL and paste it which will allow them direct access to the data. 我知道不可能通过直接从计算机输出中记录来阻止专用用户复制音频,但是我想让用户很难或不可能仅复制URL并粘贴它,从而使他们可以直接访问数据。
Currently, what I am doing is: 目前,我正在做的是:
- Saving the mp3 files to a directory that is not accessable to my web server. 将mp3文件保存到Web服务器无法访问的目录中。
- Using headers to change the mime type to text/html instead of audio/mpeg (my swf player doesn't care it just reads the data) 使用标头将mime类型更改为text / html而不是audio / mpeg(我的swf播放器不在乎它只是读取数据)
The problem is the url to the controller that feeds the data is accessable. 问题是提供数据的控制器的URL是可访问的。 So if a user looks at the source of the page and copy pastes the url in the address bar, the web server will happily spew the mp3 data to them. 因此,如果用户查看页面的源并将复制的URL粘贴到地址栏中,则Web服务器将很乐意向他们发送mp3数据。
Does anyone have any suggestions on how to make this more difficult to do? 有谁对如何使它变得更困难有任何建议? Thanks. 谢谢。
5 个解决方案
解决方案1
2 已采纳 2009-05-16 17:54:10
Use a PHP script to mask the location so 使用PHP脚本掩盖位置,以便
http://www.site.com/files/foo.mp3
Becomes 变
http://www.site.com/files.php?fn=foo.mp3
Flash is probably the next step from there. Flash可能是下一步。 Maybe have it used some form of one-time id to authorize the download using shared state. 也许它使用某种形式的一次性ID来使用共享状态授权下载。 Your session_id will come in helpful here. 您的session_id将对您有所帮助。
Remember: Flash may keep a cache in some temporary folder ... I know I used to find /tmp/aiden-sdjks/foo.mp3 on some players. 请记住:Flash可能会在某些临时文件夹中保留缓存...我知道我曾经在某些播放器上找到过/tmp/aiden-sdjks/foo.mp3。 There might be a better streaming solution in flash that takes another file format on the backend? 闪存中可能会有更好的流传输解决方案,该解决方案在后端采用另一种文件格式?
At least this stops people looking in the source and finding the URL. 至少这阻止了人们在源中查找URL。 Unless they go to the effort of reverse engineering the player and writing their own to spit out the download. 除非他们努力对播放器进行反向工程并编写自己的文件以吐出下载内容。
Security through obscurity is a dangerous road to head down however. 但是,通过默默无闻来实现安全是一条危险的道路。 Someone, with enough effort, will always succeed. 只要有足够的努力,任何人都会永远成功。 Look at how BBCIplayer does their DRMification, might help. 看一下BBCIplayer如何进行DRM验证,可能会有所帮助。
解决方案2
2 2009-05-16 17:55:15
Connected straight to a file on a server with Flash is called progressive streaming. 使用Flash直接连接到服务器上的文件称为渐进式流传输。 This makes the Flash player load the entire file from the server when playing. 这使得Flash Player在播放时会从服务器加载整个文件。 There is another solution:streaming that only loads a small fraction of data into the users machine at any time during playback. 还有另一种解决方案:流传输在回放期间的任何时间仅将一小部分数据加载到用户计算机中。
The most reliable option for flash is to use a streaming server for your content. 闪存最可靠的选择是对内容使用流服务器。 Flash Media Server is one option but thats a product you can either purchase or find a hosted version (like Akamai). Flash Media Server是一种选择,但这就是您可以购买或找到托管版本(例如Akamai)的产品。 If you are a smaller unit, there are open source versions of the Media server like Red5 ( http://osflash.org/red5 ) 如果您的设备较小,则可以使用媒体服务器的开源版本,例如Red5( http://osflash.org/red5 )。
Not sure about windows media player or quicktime players but I am sure there are similar solutions there as well 不确定Windows Media Player或QuickTime播放器,但我肯定那里也有类似的解决方案
解决方案3
0 2009-05-16 17:45:56
Depends on how hard you want to make it. 取决于您要制作的难度。 You could use javascript to rewrite the url, basic ROT-13 and hopefully people won't bother to decode it. 您可以使用javascript重写网址,基本的ROT-13,希望人们不会费心将其解码。
I haven't tried putting a javascript function in an html object src though. 我没有尝试过将javascript函数放在html对象src中。
解决方案4
0 2009-05-16 22:29:00
You should store the files in a protected directory. 您应该将文件存储在受保护的目录中。 My hosting service (Nearly Free Speech) sets this up for you automatically, and you can retrieve the file within a CGI script (PHP for example) and either write to a temporary file or use the binary directly. 我的托管服务(几乎免费语音)将自动为您设置,您可以在CGI脚本(例如PHP)中检索文件,然后写入临时文件或直接使用二进制文件。 For example, I store a simple list of visits to my personal website in this directory, which is outside of the scope of the web root. 例如,我在此目录中存储了访问我的个人网站的简单列表,该列表不在Web根目录的范围内。
解决方案5
-1 2009-05-16 17:47:23
我不知道Flash播放器解决方案是否可以做到,但可能值得研究。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.