  1. #51
    SitePoint Member
    Join Date
    Dec 2004
    Location
    Sweden
    Posts
    2
    Please check the cURL functions and you can see what these can do...
    You can "forge" the referrer, and you can set any USER_AGENT you want.
    You can parse the whole page and get the caller to generate a token for you and play the file remotely or even download it.
    As cURL can be set to accept sessions and cookies, you will never know if it was a user or not.
    However, there would be a problem for cURL if caller.php is hidden in a Flash movie.
    But crackers could decrypt the source code of the Flash movie and find the link, alter the parsed HTML site a bit, and call "caller.php" simply with an image; this would trigger a session cookie.

    Even YouTube cannot protect their videos...

    regards
    feha

  2. #52
    SitePoint Addict
    Join Date
    Nov 2005
    Location
    Moss, Norway.
    Posts
    283
    Late answer. cURL is an excellent language.
    1. Scroll down to the heading cURL: http://www.kjellbleivik.com/Books/
    2. Related WPW thread: http://www.webproworld.com/search-en...tml#post488186
    3. See the first post for book references.

  3. #53
    SitePoint Member
    Join Date
    Dec 2004
    Location
    Sweden
    Posts
    2
    @kgun
    Hi
    It is never "too late" :-)

  4. #54
    SitePoint Evangelist Dave Morton
    Join Date
    Sep 2003
    Location
    Carson City, NV
    Posts
    557
    This discussion brings to mind something my Father used to tell me...

    "Locks are only meant to keep honest folks out."

    That said, my thoughts are this:

    1.) Don't pass the name of the song to get.php. Pass a unique reference to it, instead. This will make it a bit harder for the evil ones to understand what the link represents. You could even go so far as adding a spurious key/value pair to the URI that's completely irrelevant and not used, such as:
    path/to/get.php?song=no_cheating.mp3&ui={the song's unique identifier}&h={your hash}&t={your timestamp}

    2.) The notion of using a shared key/hash/timestamp is a good one. I think that these two methods are sufficient to prevent 99.5% of all improper usage.
    Making a difference, one little psychotic episode at a time
    Geek Cave Creations
    Beta testers needed for pChat
    Dave's Gallery
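
The opaque identifier plus shared key/hash/timestamp scheme from post #54, sketched as an added example that is not part of the original thread or any poster's code. The function names, `SECRET_KEY`, `LINK_TTL`, the `TRACKS` map and the choice to bind the hash to the session id are assumptions; the `ui`, `t` and `h` parameter names follow the URL in the post.

```php
<?php
// Added illustration; every name below is an assumption, not the thread's code.
const SECRET_KEY = 'PLACEHOLDER-load-a-random-secret-from-server-config';
const LINK_TTL   = 300; // seconds a link stays valid

// Opaque id -> real file (constructed sample); the filename never reaches the URL.
const TRACKS = ['a91f3c' => '/srv/media/track-0001.mp3'];

// Build the link that caller.php would hand to the player.
function sign_link(string $id, int $now, string $sessionId): string
{
    $h = hash_hmac('sha256', "$id|$now|$sessionId", SECRET_KEY);
    return 'get.php?' . http_build_query(['ui' => $id, 't' => $now, 'h' => $h]);
}

// Check a request in get.php; returns the file path, or null to refuse.
function verify_link(array $q, int $now, string $sessionId): ?string
{
    $id = $q['ui'] ?? '';
    $t  = $q['t'] ?? '';
    $h  = $q['h'] ?? '';
    if (!is_string($id) || !is_string($t) || !is_string($h)) {
        return null; // array-valued parameters (ui[]=...) are rejected
    }
    if (!preg_match('/^\d{1,10}$/', $t)) {
        return null; // timestamp must be a plain integer
    }
    $age = $now - (int) $t;
    if ($age < 0 || $age > LINK_TTL) {
        return null; // future-dated or expired
    }
    $expected = hash_hmac('sha256', "$id|$t|$sessionId", SECRET_KEY);
    if (!hash_equals($expected, $h)) {
        return null; // constant-time compare; any edited field fails here
    }
    return TRACKS[$id] ?? null;
}

// Constructed requests: fresh, expired, id swapped, different session.
parse_str(parse_url(sign_link('a91f3c', 1000, 'sess-A'), PHP_URL_QUERY), $q);
var_dump(verify_link($q, 1100, 'sess-A'));
var_dump(verify_link($q, 1000 + LINK_TTL + 1, 'sess-A'));
var_dump(verify_link(['ui' => 'zzzzzz'] + $q, 1100, 'sess-A'));
var_dump(verify_link($q, 1100, 'sess-B'));
```

A scripted client that holds a valid session can still obtain a fresh link, as post #51 points out; the check bounds how long a link works and where it can be reused, not who is asking.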

