Prevent direct access to mp3/wav files while allowing a flash player to access them with .htaccess (or PHP)

Question

How do I prevent direct access/download to mp3/wav files while allowing a flash player to access them with .htaccess (or PHP)? I\'ve been looking for a solution with only pa

Answer 1

Someone will always be able to appear as though they are running flash and be able to download your music. TamperData can be used to see all traffic the browser produces (including flash), and have the ability to replay, intercept and modify all requests. Flash is easy to decompile, but this probably isn't necessary.

The only thing you can do is to raise the bar and to prevent direct linking to your content. You can do this by using PHP to restrict access to the media. Put all of the media outside of the web root, or protect the directory with a .htaccess deny from all. Have the flash application first send a "request to download", give the flash app a temporary single use token (cryptographic nonce). This token is then used in the next request to download the music from a PHP file. This is easy to fool, but its the best you can do.