在HTML5音频标签的安全性 [英] Audio tag security in html5
问题描述
龙版本:
我使用HTML5音频标记来我的网站上播放MP3文件。与Flash我能流的MP3并确保其为95%。
I use html5 audio tag to play mp3 files on my website. With Flash I can stream mp3's and secure it for 95%.
使用HTML5,很容易找到的MP3的位置和刚刚从那里下载。即使我有独特的哈希将其固定不难检查镀铬网络选项卡,看到了MP3的网址与哈希值。
With html5 it is easy to find out the mp3 location and just download it from there. Even if I secure it with unique hashes it is not hard to inspect the network tab in chrome and see the mp3 url with hashes.
我不知道是否还有其他的方法来从被撕开确保MP3和是否值得的时间。例如 bandcamp 确实产生独特的哈希值,但它仍然是很容易下载的MP3。 YouTube的你有可以PROCES到FLV流和翻录音频,并将其保存为用户的mp3格式的下载网站。
I was wondering if there are other ways to secure the mp3 from being ripped and if it is worth the time. For example bandcamp does generate unique hashes but it is still very easy to download the mp3. For youtube you got download websites that can proces the flv stream and rip the audio and save it for the user as mp3 format.
安全,我能想到的第一层是改变的MP3文件的扩展名为.txt或其他通用格式。
The first layer of security I can think of is change the extension of mp3 files to .txt or another common format.
,因为它默认是隐藏在windows和苹果的95%的用户没有察觉的扩展。这将prevent用户的第一个95%的发现和播放MP3文件。
95% of the users don't spot the extension because it is hidden by default on windows and apple. This will prevent the first 95% of the users to spot and play the mp3 file.
精简版
偷MP3文件,而使用HTML5音频标签prevent用户任何建议。
Any suggestions to prevent users from stealing mp3 files while using html5 audio tag.
推荐答案
类。
的Grooveshark发送POST请求,为正在直播的MP3,这使得刚刚访问和恶搞很难不动态创建一个服务器端脚本的POST请求自己 - 尤其是看到你就必须再尝试存储所收集的音频文件。但是你可以使用新的AudioContext来帮助解决这个为最现代化的平台...
Grooveshark send a POST request to a server-side script for the MP3 that is being streamed which makes it very difficult to just access and spoof without dynamically creating a POST request yourself - especially seeing as you would have to then attempt to store the audio file that is collected. But you can use the new AudioContext to help solve this for most modern platforms...
我使用HTML5Rocks.com一个很好的例子,以改变使用的头如下:
I used a great example from HTML5Rocks.com to alter the headers used as follows:
var dogBarkingBuffer = null;
// Fix up prefixing
window.AudioContext = window.AudioContext || window.webkitAudioContext;
var context = new AudioContext();
function loadDogSound(url) {
var request = new XMLHttpRequest();
request.open('POST', url, true);
request.setRequestHeader("Content-type","application/x-www-form-urlencoded");
request.responseType = 'arraybuffer';
// Decode asynchronously
request.onload = function() {
context.decodeAudioData(request.response, function(buffer) {
dogBarkingBuffer = buffer;
}, onError);
}
//this is the encryption key
request.send("key=98753897358975387943");
}
如你所见,我也送这有可能是一个公共/私人对一部分太键值。这应该让任何人企图干预 - 其他不是简单的记录MP3,因为它的演奏,当然,但怎么可能停止在任何环境中或离开计算机
As you can see I am also sending a key value which could possibly be part of a public/private pair too. This should put anyone off attempting to intervene - other than simply recording the MP3 as it's playing, of course, but what could possibly stop that in any environment inside or out of a computer?
这篇关于在HTML5音频标签的安全性的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
