开发者

Allow only certain people to view a file

Let's say I have a swf with a movie or something (it's a stream actually but it doesn't really matter).

I created a quite secure way to get to the page where it is displayed (as embed). The only problem is 开发者_Go百科this:

How do I stop someone to view source or use something like Firebug and send the address of the file to somebody else.

I want them to see the result but not be able to send it to anyone else.

The platform for my site is LAMP.


You can't do this.

  • if you don't want the client to know something, the only option is to not tell it;
  • if you don't tell the client where the file is, he can't possibly view it.

What you should do instead, is to have some authentication and authorization in place, so that only authenticated and authorized users can access said address. That way users can share the address as they like, but unauthorized users can only get "Access denied" messages.

This does not prevent authorized users from downloading the file and hosting it somewhere else, though. If you don't trust them not to do this, don't authorize them.


I created a quite secure way to get to the page where it is displayed

intriguing. Please describe this secure way in detail.

If its secure in the sense that it authenticates and authorises the user, then it provides the security you ask about from the sharing of URLs.


You could implement a refer[r]er check to prevent users accessing the file directly.

$referer = $_SERVER['HTTP_REFERER'];
$components = parse_url($referer);

if ($components['host'] != "www.example.com") {
    // User didn't access file from your site.
}

This can be circumvented by spoofing the referer header but should defeat casual users.

Naturally, this doesn't prevent someone downloading and re-hosting the file.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜