我如何prevent直接访问/下载到MP3 / WAV文件,同时允许Flash播放器来访问他们的.htaccess(或PHP) [英] How do I prevent direct access/download to mp3/wav files while allowing a flash player to access them with .htaccess (or PHP)
问题描述
我一直在淘净几个小时寻找一个解决方案,只有局部的和非功能性的解决方案,以示对我的努力用。
I've been scouring the Net for hours looking for a solution with with only partial and non-functioning solutions to show for my efforts.
该解决方案如下好像在第一次一个伟大的修复,但它也阻止我的闪存访问的文件播放。 我可以只允许特定的页面访问:
<文件〜的 .. 的>
为了允许,拒绝
所有
否认
< /文件>
下面的解决方案似乎是伟大的第一,因为它并没有让人们查看目录中的文件,但如果用户知道音乐文件的真实地址,他们可以下载它:
The solution below seemed like a great fix at first but it also blocks my flash player from accessing the files. Could I only allow access from particular pages?:
< Files ~ "...">
order allow,deny
deny from all
< /Files>
The solution below seemed great at first because it didn't allow people to view the files in the directory but if the user knows the exact url of the music file, they can download it:
SetHandler应用/ X的httpd - PHP的
SetHandler应用程序/ x-冲击波闪光
SetHandler application/x-httpd-php
SetHandler application/x-shockwave-flash
现在,我遇到这个帖子强制用户使用htaccess的产生一个用户名和密码但我对话框弹出时的闪存播放器屏幕。 有没有办法为页面不发送用户的登录信息做什么?
如果这不是一个安全的方法,可以有人建议实施此限制功能的安全和相对直接的方法是什么? URL和例子是大大AP preciated
Now, I came across this post that forces a user to produce a username and password using htaccess but I dialog box pops up when on the flash player screen. Is there a way for the page the send the login info without the user doing anything?
If this isn't a secure method, can someone suggest a secure and relatively straight-forward method of implementing this restriction feature? URLs and examples would be greatly appreciated
P.S。这是一个Word preSS的网站,因此,我将使用 PHP 作为编程语言实现的任何解决方案。
P.S. This is a WordPress site, hence, I'll be using PHP as a programming language to implement any solution.
P.S。展望从网上下载,而不是黑客/饼干/网络向导阻止新手。
P.S. Looking to block novices from downloading, NOT hackers/crackers/internet wizards.
感谢
推荐答案
由于PHP是可用的,用它来保护的文件。不要让他们在他们的网站根目录,但地方都可以访问到PHP。然后生成一个一次性使用的网址,如:
Since PHP is available, use it to protect the files. Don't have them in them in the web root, but somewhere that is accessible to PHP. Then generate a one-time-use URL like:
<?php
$unique = md5( uniqid() ); // 32 hex characters
?>
然后存储独特的价值会话/服务器/数据库,并有另外一个页面验证唯一字符串流媒体文件之前:
Then store that unique value in the session/server/db and have another page validate the unique string prior to streaming the file:
<a href="streamer.php?id=6dd4566eb245627b49f3abb7e4502dd6">Stream Me</a>
请务必先使用后失效的唯一令牌(或之后可能几次,如果你感觉大方)。它不会从捕获的HTTP流反正停止顽固派,但它应该prevent随意连接。
Be sure to expire that unique token after the first use (or maybe after a few times if you are feeling generous). It won't stop the die-hards from capturing the HTTP stream anyway, but it should prevent casual linking.
这篇关于我如何prevent直接访问/下载到MP3 / WAV文件,同时允许Flash播放器来访问他们的.htaccess(或PHP)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
