Deter direct access to files (mp3) but yet allow flash player to play songs (htaccess/php)

Question

I know it's practically impossible to not allow a user to download an mp3 file with all the various methods out there. But I'm stuck in a situation where i need to make things slightly more private/secure for my customers.

Here's my problem, I'm currently using this flash mp3 player http://www.flabell.com/flash/Flash-Mp3-Player-29 to stream/play the songs. The player uses xml for settings & playlist. I'm also using WordPress & the S2Member plugin.

I'm trying to allow the player to play songs but yet do not allow users to download/opening the direct links to the files. (eg: songs are located at domain.com/player/songs/*.mp3, script is in a level up). Is there a htaccess method to deny direct access but yet allow (local) scripts to call the file?

Also, I mentioned about S2Member plugin for WordPress.

The WordPress plugin has a built in restriction to as where logged in users can download files that are hidden from open access. So in order to download a song, u'll have to use domain.com/s2script_download?file=mysong.mp3.

The folder that hosts the files has a .htaccess with a "Deny All" in it. Is it possible to reuse this folder to play/stream songs with the flash player mentioned above?

Answer 1

To the best of my knowledge this isn't possible. Yes, it's possible to deny access to the outside world, while allowing access to local scripts. But Flash isn't a local script. All things being equal, a Flash app requesting a file is no different than a browser requesting a file. You can't block one without blocking the other.

The only solution that even comes to my mind is having the Flash app request the file with a special query string, i.e. /somesong.mp3?fromflash. Off course that won't stop most people from getting the song, but it could stop some people.