Hi all,
I'm looking to build a jukebox and I am wondering how one would secure songs that are in <audio> tags with HTML 5. I don't want people to be able to download the song, but I'd like to stream it via those <audio> tags. Any suggestions?
views:
169answers:
4
+3
A:
Whatever you give people to listen via a stream can be saved to disk too.
Joey
2009-12-20 22:49:15
It's harder to do in flash. You can't just look at the source and find the mp3 file in the URL.
Matt
2009-12-20 22:50:38
You can still record it, though. As long as anything DRM'ed can be played back it can be saved without the restrictions too. Fact of life (and of technology).
Joey
2009-12-20 22:57:54
Yah my goal is to defer like 95% of people from trying it.. that's all.
Matt
2009-12-20 23:17:23
I don't think it's any harder in Flash. Switch to program that records audio being played back (there's a million free ones), hit "record" button. Actually I think that's even easier than digging through an HTML for a URL. :-)
Ken
2010-10-20 23:47:11
+3
A:
you could check referer, use some hashing mechanism (unique ID) to verify the streaming player is your jukebox, not the stream saver etc.
BUT: whatever you do, some people will figure it out (or using the last resort - catching the whole stream, following on what kind of data your jukebox sends etc.)
dusoft
2009-12-20 22:50:24
This is a great idea! Yah. I'm not looking to make it more secure than like youtube or anything. I just want to defer like 95% of people from downloading the music.
Matt
2009-12-20 22:52:20
yup, so come up with some hashing unique ID mechanism that both your server and your jukebox player would understand. maybe use mp3 song hash + some secret data.
dusoft
2009-12-20 22:55:29
Do you know how you would implement this? I'm trying to think.. the jukebox would be loaded on the client's side - so he'll see the UID and just be able to type that right in to look like the jukebox. I'm a security novice by the way.
Matt
2009-12-20 22:56:09
Disregard half of the last statement.. I didn't see your most recent post..
Matt
2009-12-20 22:57:43
Wouldn't the client have access to mp3 song hash + some secret data that he could just send back to the server via play.php?hash=... ??
Matt
2009-12-20 22:58:40
no, because your player could check on each new song via AJAX.but if somebody understands the JS code or somebody traces network communication between the server and the client, then they can find what's going on and the IDs.
dusoft
2009-12-20 23:07:51
Ah okay. Yah. That's what I was wondering. Okay. So it's only as secure as how much JS they know/understand. I guess if someone manages to read encrypted javascript, they deserve the song. Thanks!
Matt
2009-12-20 23:16:49
+1
A:
This is not possible. In order for the client computer to be able to play the song, the song has to be transferred there. Period.
Jörg W Mittag
2009-12-21 04:15:41
A:
Did you ever figure out how to do this? dusoft's solution was rather cryptic to me, I'm not great with this stuff.
Jay
2010-10-20 23:39:33