File download prevention


Problem description

I have a project where the client will be uploading his songs to the web and afterwards playing them on the website.

There are many tools out there that allow downloading all kinds of media, even if it is considered hidden and so on. One of these tools is the DownloadHelper addon for Firefox.

How can I prevent tools like this from downloading my media files? But I should be able to freely use these files in the front-end for promotional purposes.

Thanks in advance!

Recommended answer

1) RTMP instead of HTTP (i.e., streaming audio/video data from server instead of downloading file); you will need FMS, Red5 or similar software on server; this still can be recorded by using RTMP streamers and/or line-out recorders.

2) Add some unique session-based identifier so that file (or stream in RTMP case) can be accessed by the same URL only once; next request of the same URL would be invalid. E.g., in your PHP file, set

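<?php session_start(); // the token below is stored in the session
$_SESSION['file_unique_stuff'] = rand(1000000, 9999999); // one-time value, consumed by file.php
?>
<a href='<?php echo "file.php?file_id={$file_id}&amp;unique_stuff={$_SESSION['file_unique_stuff']}"; ?>'>file</a>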

And then in the file that passes content to client (file.php):

<?php
session_start();
// reject the request unless the URL value matches the one stored in the session
if ( empty($_GET['unique_stuff']) || empty($_SESSION['file_unique_stuff']) || $_GET['unique_stuff'] != $_SESSION['file_unique_stuff'] ) {
    http_response_code(404); // sets the real status line on every SAPI
    exit;
}
// session's "unique stuff" is validated and is not needed anymore
unset($_SESSION['file_unique_stuff']);
// pass file to client
//...

For the best results, combine both methods. Do this for every file, i.e., you'll probably have an array of "unique stuffs" ($_SESSION[$file_id]['unique_stuff']) instead of a single value ($_SESSION['file_unique_stuff']).

You could also hide file_id completely from URL by linking it to some random hash value in session, i.e., store $_SESSION[$hash] = $file_id and use URL ?hash={$hash}.

It's not 100% safe, but that's the best you can do on the web, as there is no way to ensure that the user does not use any 3rd party tool.
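
The per-file, single-use scheme from the answer, with the file id kept out of the URL, as an added example that is not part of the original answer. It swaps rand() for random_bytes() and the loose != for hash_equals(); the names issue_token, redeem_token and TOKEN_TTL are hypothetical, and the 60-second lifetime is an assumed value.

```php
<?php
// Added example, not the answer's code. Function and constant names are hypothetical.
declare(strict_types=1);

const TOKEN_TTL = 60; // seconds a link stays valid (assumed value)

/** Create a one-time token for $fileId and remember it in the session store. */
function issue_token(array &$session, int $fileId, ?int $now = null): string
{
    $token = bin2hex(random_bytes(16)); // 128 bits from the CSPRNG, unlike rand()
    $session['file_tokens'][$token] = [
        'file_id' => $fileId, // the id lives server-side only, never in the URL
        'expires' => ($now ?? time()) + TOKEN_TTL,
    ];
    return $token;
}

/** Return the file id for a valid token and consume it, or null if it is not valid. */
function redeem_token(array &$session, $presented, ?int $now = null): ?int
{
    if (!is_string($presented) || $presented === '') {
        return null; // rejects missing values and array input such as ?token[]=x
    }
    foreach ($session['file_tokens'] ?? [] as $stored => $entry) {
        if (hash_equals($stored, $presented)) { // constant-time, no type juggling
            unset($session['file_tokens'][$stored]); // single use, even when expired
            return $entry['expires'] >= ($now ?? time()) ? $entry['file_id'] : null;
        }
    }
    return null;
}

// Constructed demo: a plain array stands in for $_SESSION so this runs from the CLI.
$session = [];
$tokenA = issue_token($session, 42, 1000);
$tokenB = issue_token($session, 43, 1000);
var_dump(redeem_token($session, $tokenA, 1010)); // first use of token A
var_dump(redeem_token($session, $tokenA, 1010)); // replay of token A
var_dump(redeem_token($session, $tokenB, 2000)); // token B after TOKEN_TTL has passed
var_dump(redeem_token($session, ['x'], 1010));   // non-string input
```

In file.php the call would be redeem_token($_SESSION, $_GET['token'] ?? null) after session_start(), answering 404 when it returns null. The limits the answer states still apply: the browser has to receive the audio to play it, so whatever the page can play can also be recorded.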
