I'm looking for some solutions for creating an mp3 player in flash; one that either uses streaming or some kind of obfuscation to prevent users from downloading the source mp3. If I used a server/solution that used the RMTP: protocol, would that prevent the download? Are there any possibilities for using Amazon S3 server for serving the files but hiding the actual URL of the file?
+3
A:
No, RTMP won't prevent direct downloading -- if the user can find out the direct URL, then they can still download the file. I don't know about S3, but I have used streaming servers like Red5 and know that it is possible to directly download MP3 content from it, and therefore is prudent to secure your server in order to prevent people from viewing indexes, etc.
Obfuscating the URL is a possibility, as you suggest, as is on-the-fly renaming. You could pass a GUID to the client, and then on the server, copy the MP3 to a directory named the same as that GUID. The client downloads from that location, and then afterwards the copy is removed. This would of course impose a higher disk load on the server, but I'm just throwing the idea out there in the interest of brainstorming. :)
In short, AFAIK it's possible to get the MP3 content directly over RTMP if the user is sufficiently motivated, so rather than playing cat-and-mouse, you should use a small amount of discouragement to prevent people from abusing your site, but not to prevent you from getting other work done in an effort to win such an arms race.
Edit: On second thought, this might be possible with some streaming media servers... maybe it's just ones like Red5 that permit the user to also download the content if they know the URL. In spite of this, Scott has a good point, too... anything you transmit can be intercepted.
Nik Reiman
2009-02-19 00:49:24
Ok, maybe I'm crazy - I thought that was the whole point of streaming with RTMP? There is no "direct URL" because it's not a progressive download. For example, I checked this page...http://www.streamingmediahosting.com/flash_video_streaming.htm I can see the playlist and the flv files it uses but...
Typeoneerror
2009-02-19 01:05:10
even with Charles and viewing activity, I can't find a direct download to the files.
Typeoneerror
2009-02-19 01:05:43
It supports it with the help of FMS or Red5, right? I don't think it supports this out-of-the-box.
Typeoneerror
2009-02-19 01:08:56
Define out of the box? http://www.longtailvideo.com/support/tutorials/HTTP-Video-Streaming
BenB
2009-02-19 01:41:40
+3
A:
I bet no matter what solution you come up with I can capture and save it as MP3. This assumes you expect me to actually listen to something.
So the answer is, you can't hide the data if you give your user the data.
Scott Evernden
2009-02-19 00:57:20
I bet you're right! But you're not the avg. user. I think making it "harder" to do this is what I was after ;)
Typeoneerror
2009-02-19 01:06:52