I'm looking to build a jukebox and I am wondering how one would secure songs that are in <audio> tags with HTML 5. I don't want people to be able to download the song, but I'd like to stream it via those <audio> tags. Any suggestions?
Asked
Active
Viewed 1,687 times
4
Matthieu Brucher
- 21,634
- 7
- 38
- 62
Matt
- 22,224
- 25
- 80
- 116
-
2there is no real way to do this. – AK_ Dec 20 '09 at 22:52
4 Answers
4
you could check referer, use some hashing mechanism (unique ID) to verify the streaming player is your jukebox, not the stream saver etc.
BUT: whatever you do, some people will figure it out (or using the last resort - catching the whole stream, following on what kind of data your jukebox sends etc.)
dusoft
- 11,289
- 5
- 38
- 44
-
This is a great idea! Yah. I'm not looking to make it more secure than like youtube or anything. I just want to defer like 95% of people from downloading the music. – Matt Dec 20 '09 at 22:52
-
yup, so come up with some hashing unique ID mechanism that both your server and your jukebox player would understand. maybe use mp3 song hash + some secret data. – dusoft Dec 20 '09 at 22:55
-
Do you know how you would implement this? I'm trying to think.. the jukebox would be loaded on the client's side - so he'll see the UID and just be able to type that right in to look like the jukebox. I'm a security novice by the way. – Matt Dec 20 '09 at 22:56
-
Wouldn't the client have access to mp3 song hash + some secret data that he could just send back to the server via play.php?hash=... ?? – Matt Dec 20 '09 at 22:58
-
no, because your player could check on each new song via AJAX. but if somebody understands the JS code or somebody traces network communication between the server and the client, then they can find what's going on and the IDs. – dusoft Dec 20 '09 at 23:07
-
Ah okay. Yah. That's what I was wondering. Okay. So it's only as secure as how much JS they know/understand. I guess if someone manages to read encrypted javascript, they deserve the song. Thanks! – Matt Dec 20 '09 at 23:16
2
Whatever you give people to listen via a stream can be saved to disk too.
Joey
- 344,408
- 85
- 689
- 683
-
It's harder to do in flash. You can't just look at the source and find the mp3 file in the URL. – Matt Dec 20 '09 at 22:50
-
1You can still record it, though. As long as anything DRM'ed can be played back it can be saved without the restrictions too. Fact of life (and of technology). – Joey Dec 20 '09 at 22:57
-
-
I don't think it's any harder in Flash. Switch to program that records audio being played back (there's a million free ones), hit "record" button. Actually I think that's even easier than digging through an HTML for a URL. :-) – Ken Oct 20 '10 at 23:47
1
This is not possible. In order for the client computer to be able to play the song, the song has to be transferred there. Period.
Jörg W Mittag
- 363,080
- 75
- 446
- 653
1
It's possible using Amazon S3 (similar to the way Soundcloud does it) to generate secure mp3 links for use in your HTML5 player. You generate a secure mp3 on S3 that is valid for a very short time (seconds or minutes), there by prevent someone from copying and sharing the link. You will need to generate the link dynamically using SDK/API.
Community
- 1
- 1
Metablocks Corp
- 1,645
- 15
- 24