Making a file readable only by JavaScript and/or Flash

I'm a bit new to web development so forgive the slightly beginner question. Can anyone give me some general pointers on how to prevent downloading of files while displaying content with JavaScript/Flash widgets?

The basic dilemma is making files playable by page widgets while preventing direct downloads of the source media. However, since JavaScript and Flash are browser-side instead of server-side, I'm not sure how I can do this.

Obfuscating the source file name is another option, but I'm not sure what a good way to do this would be. Maybe hiding with 开发者_C百科an algorithm in the .swf files? Not sure how immune to reverse compilation .swf is though.

Thanks a bunch.

In fact, you can't. There are two types of downloads; normal (direct) one and the one via streaming.

I would advise you to use the direct one but passing an authorization key with it.

An example of such a URL would look like:

/download?file=134&auth=A34C56E4FCD3908DA
    ^         ^          ^
    |         |          '- The predefined access token
    |         '- The requested file
    '- Gateway script

Don't forget that you must store the sensitive files somewhere outside of your document root.

The gateway script would look like (pseudo-code):

if( validate_token( get('auth') ){

    file_id = get('file');
    file_name = get_file_name( file_id );
    data = file_read_all( file_name );

}

if your intention is to prevent somebody stole your source code, you can't do anything, because javascript NEED to be downloaded by browser. you can translate your critical code to some server-side language and pass to brwoser (or flash) only his output. Or try some server-side javascript engine