duanli8391 2010-02-05 07:52
浏览 113


I want to be able to deliver music/mp3 using a flash player but I'd like to make it so that the mp3 files cannot be sniffed... i.e. you can't use safari, firebug..etc. to find out the mp3 location using the activity window. I don't have a streaming server. Any idea?

If I go with a streaming server, any suggestions on how to go about it (cheaply)?

  • 写回答

7条回答 默认 最新

  • duanju8431 2010-02-05 08:00

    You really cannot distinguish safely clients in HTTP. When they record the whole traffic, they always can replay the interaction, unless you use some cryptographic mechanisms.

    As an easy approach, I would try to allow requests only in combination with an access key. The access key is created by yourself and send to the browser as a parameter of the URI. When the clients sends the request, it is only valid if the provided access key is valid as well. Within the access key, you could encode some information like IP address, time range, user agent etc.

    But as I said, there is no 100% secure way to protect your data, as long as you eventually expose it via HTTP. There is always the hardcore approach to sniff your whole traffic and rebuild the files that way.

    Access keys are used by Amazon S3, but there are also plugins for webservers like nginx.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
  • douchen2011 2010-02-05 07:57

    This is more or less impossible. Since the client can connect, it must know the address. You're looking to obscure the source, but you can't hide it completely, and I suppose the easiest way would be to use some kind of browser plugin, flash and java comes to mind (as you've suggested), which asks a server for the address. Note that it's still very much possible to analyze the flash or java program, as the browser still needs to download the .swf file.

    A different approach would be to use a single-use URL, where server serves up a URL which can only be used once. It's still 'sniffable' and can still be exploited if it's intercepted before the client connects though.

  • douguai4653 2010-02-05 08:00

    If you're delivering an mp3 to the user's computer, you're delivering an mp3 to the user's computer. I guess you can try encryption of some sort to make it harder to recover the MP3, but if the user's computer can play it, it can also take those same bits and save them off to disk before playing them.

  • doudao5287 2010-02-05 08:00

    It's not really possible to conceal the URL without using some sort of closed technology like Flash. An alternative you can use is to keep your MP3s in a password-protected directory but stream them to the browser via a server-side script that bypasses that protection. That way, even if someone knows the URL of an MP3 file, they can't download it by simply entering its address in their web browser.

  • dsvtnz6350 2010-02-05 08:26

    Go for streaming, or it's impossible. Firebug, Opera's Dragonfly, etc. show all HTTP requests run by the browser, there is no way to hide them. I download media from "within" flash regulary (YouTube, for example), and it works every time, except with streaming, because that's not HTTP.

  • duanhui9840 2010-02-05 10:13

    You can use a 2-way encryption.

    You pass encrypted URLs to the audio player then have the player reverse-encrypt them. Not 100% secure but it could help.

  • doushi4795 2010-02-07 03:12

    use a socket server and obscure the connection. I think something like electroserver should do what you want, it used to have a free license up to 25 or so users, then its only a couple hundred to license it. Not sure about ES4.... It might be overkill for your needs.




  • ¥20 C语言字符串不区分大小写字典排序相关问题
  • ¥15 关于#python#的问题:我希望通过逆向技术爬取1688搜索页下滑加载的数据
  • ¥15 学习C++过程中遇到的问题
  • ¥15 关于Linux的终端里,模拟实现一个带口令保护的屏保程序遇到的输入输出的问题!(语言-c语言)
  • ¥15 学习C++过程中遇到的问题
  • ¥15 请问,这个嵌入式Linux系统怎么分析,crc检验区域在哪
  • ¥15 二分类改为多分类问题
  • ¥15 Unity微信小游戏上调用ReadPixels()方法报错
  • ¥15 如何通过求后验分布求得样本中属于两种物种其中一种的概率?
  • ¥15 q从常量变成sin函数,怎么改写python代码?