Here is my scenario: I am building a web page for a friend's band. They want to stream full versions of their songs on the site, but not allow users to download the files. There are links to purchase the music on iTunes and Amazon. My ideal solution is to use the html5 audio tag.
My problem: Streaming music through the audio tag is not secure, and very easy to catch the URL in the page's source and then just downloading from their web browser.
I've done some research online and read some discussions. Yes, I know that there is no way to make it 100% secure. But, I would like to try to implement some security measures to deter most people from stealing the music.
So my question is, what measures can I take here to try and secure the audio? Is there a way to only allow the page that streams the music access to it? So this way users can't just navigate to the music file's URL and download? Or is there a way to get it from a webservice?
Any help is much appreciated. Thanks!
There is a little trick I think about: allow access to the music through a one-time unique url:
// Page generation
// Generate unique token and put it into database
<audio controls="controls">
<source src="song.ogg?token=UNIQUETOKEN" type="audio/ogg" />
</audio>
// On access
- Check for corresponding UNIQUETOKEN in database
- Remove token from database
- Send audio data
It won't prevent users from downloading your song through CURL (for instance), but they won't be able to view the page AND navigate the source to download the song again.
Also, it should be possible to download separate samples of your track and play them continuously with a custom player. These are just ideas, I'm not sure they would be efficient enough for what you request.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With