Discussions

Web tier: servlets, JSP, Web frameworks: Securing file downloads?

  1. Securing file downloads? (3 messages)

    What are some of the possible ways to secure file downloads, apart from using basic/form authentication?

    Bassically, I would like to expose my mp3s through my flash player only. The player is embeded in a jsp page which pops up when the "play" button is clicked.

    If a "client" tries to access the mp3 file by typing it's URL in the browser, the server should reject the request!

    I was thinking to check the referer, but that didn't work... Maybe create a random link? At the time of request generate a unique folder place the mp3 in that folder and stream it! Remove the folder after a while? Seems overkill and therea quite afew things to consider!?

    Thanks

    Threaded Messages (3)

  2. Securing file downloads?[ Go to top ]

    Why not check the referrer? or use a servlet to pull the information, and check for some encoded value? I'd suggest using POST for that, actually, although these still aren't "secure" - anyone with a traffic sniffer or proxy (Parosproxy is a good one, for example) would be able to see it.

    Another idea is to have a token built in the session that represents the MP3 in question. This token would expire after the session, and the mp3 servlet would look up the MP3 by token - that way, nobody would ever see the actual filename of the MP3, only a short-lived token.
  3. Securing file downloads?[ Go to top ]

    I tried reading the http_referer var and got nothing...

    As for the session var does it require a loged in user or can I create the token like that? Also I have 100s of mp3s and they are volatile, bassically I have musician who can uplaod and manage there own mp3s edit delete them etc...

    You have any resource concerning a session token implementation?

    Thanks
  4. Securing file downloads?[ Go to top ]

    See this for example:

    http://www.servletsuite.com/servlets/securelinkflt.htm

    you can create a secure links for your users