0

(Sorry for my English) Hello, I have a list of audios where there are two kind of privileges [play] and [play and download].

So, Im using something like this:

<audio controls="controls" controlsList="nodownload">
   <source src="/files/test.mp3" type="audio/mpeg" />
   Your browser does not support the audio element.
</audio>

When the user can [play and download] I only remove controlsList="nodownload"

My problem is that an user that only have the privilege to play audios can open the source code + search.mp3 and have access to my audio url, e.g. /files/test.mp3, add the host and have access to the mp3 file and download it.

Im using ASP.NET so e.g. host/files/ is Inaccessible but host/files/test.mp3 is accessible.

I'd like to block the access to all the routes that finish in .mp3 or I don't know any other recommendation?

Ryan Schaefer
  • 3,047
  • 1
  • 26
  • 46
Jorge López
  • 1
  • 3
  • If you blocked all routes that ended in .mp3, wouldn't that block the audio from being played? Also, it's fairly simple for users to remove `controlsList="nodownload"` themselves using devtools. – Andrew Myers May 15 '18 at 17:01
  • yes, you're right!... Do you have any suggestion? – Jorge López May 15 '18 at 17:10
  • You're probably looking for "DRM". Here are a couple links: https://stackoverflow.com/q/3137888/5764553 and https://www.html5rocks.com/en/tutorials/eme/basics/ – Andrew Myers May 15 '18 at 17:18
  • Thank you very much, I think that EME is what I need. (Y) – Jorge López May 15 '18 at 17:33
  • Another option is not to expose the files directly through the webserver, but instead point your audio element at an action method which first checks the user's permissions before deciding whether to return the file (which is held in a folder not directly accessible via a URL). – ADyson May 15 '18 at 18:44

0 Answers0