How can I securely put music on my website?

Question

I mean, I want to share an audio file without letting users to download it.

Here are my tries :

When I do <audio src="myAudio.mp3" />, it may be kept in the browser cache.
When I do <audio src="myAudio.mp3?12345" />, my file is not cached but users can extract its path in the source code, that means they can download it easily.
I thought about adding DRM to it but it seems there are tools to remove that.
I tried to find jQuery library for that but none of them does what I want.

Is it possible ? If so, how ?

@Qantas94Heavy look at this: http://www.therealtimeweb.com/index.cfm/2005/11/2/Streaming-flv-video-via-PHP-take-two — Vedant Terkar, Jan 25 '14 at 06:41
@VedantTerkar: the questioner wants to prevent users from being able to keep the music on their computer -- they can always get the information from the stream or record it off stereo mix. — Qantas 94 Heavy, Jan 25 '14 at 06:43
if you're using `php` then it is `.htaccess` trick: http://stackoverflow.com/questions/14024877/deny-direct-download-of-file-using-php — Vedant Terkar, Jan 25 '14 at 06:44

score 2 · Answer 1 · answered Jan 25 '14 at 06:29

2

The correct answer is that, if you allow your users to listen to the music, they will, by definition, be able to record said music. There is a very clear distinction between security, which you are requesting, and obfuscation, which you actually want.

answered Jan 25 '14 at 06:29

William Brendel

31,712
14
72
77

So what about `soundcloud` for example ? Sometimes the Download button is disabled, but we still can listen. – David Jan 25 '14 at 06:34
My point is that, with all any form of DRM, if you are able to listen to or view the final content, the consumer can record the content. The best you can hope for is to obfuscate the link to the content. The SoundCloud example you gave certainly allows the listener to record the content, just not through the officially-supported download mechanisms. If the user can see/hear the content, they can record the content. Search for "the analog hole" for obvious examples. – William Brendel Jan 25 '14 at 06:42
Ok, I will add jingles to it. Thank's. – David Jan 25 '14 at 06:50

score 1 · Answer 2 · answered Jan 25 '14 at 23:42

1

Add a .httacess function to block users from downloading files in a path or a whole entire folder. You can also make a password for files also so they wont be able to be deleted without a password

This goes in your .htacess file

RewriteEngine On
# you can add whatever extensions you want routed to your php script
RewriteCond %{REQUEST_URI} \.(mp3|wav|oss)$ [NC]
RewriteRule ^(.*)$ /download-file.php?filename=$1 [L]

The last RewriteRule change the download-file.php to your actually php or html file with the download.

answered Jan 25 '14 at 23:42

BrainDamage

34
1
9

works fine! `http://www.my-website.com/myaudio.mp3` redirects to the main page. thank you. – David Jan 26 '14 at 02:06
1

hum... sorry but it seems `` does not work now. Direct download is blocked, but my page cannot get the file. – David Jan 26 '14 at 02:49
Try putting the song in a folder and not the main directory – BrainDamage Jan 26 '14 at 06:36

score 0 · Answer 3 · edited May 23 '17 at 12:14

0

It's possible using Amazon S3 (similar to the way Soundcloud does it) to generate secure mp3 links for use in your HTML5 player. You generate a secure mp3 on S3 that is valid for a very short time (seconds or minutes), there by prevent someone from copying and sharing the link. You will need to generate the link dynamically using SDK/API.

See example of how to use PHP to generate secure links.

edited May 23 '17 at 12:14

Community

1
1

answered Jan 29 '14 at 13:38

Metablocks Corp

1,645
15
24

1

I think (tested) that this is the best solution : http://stackoverflow.com/questions/10236717/htaccess-how-to-prevent-a-file-from-direct-url-access. It works as well – David Jan 29 '14 at 23:37

How can I securely put music on my website?

3 Answers3