I'm a bit new to web development so forgive the slightly beginner question. Can anyone give me some general pointers on how to prevent downloading of files while displaying content with JavaScript/Flash widgets?
The basic dilemma is making files playable by page widgets while preventing direct downloads of the source media. However, since JavaScript and Flash are browser-side instead of server-side, I'm not sure how I can do this.
Obfuscating the source file name is another option, but I'm not sure what a good way to do this would be. Maybe hiding with an algorithm in the .swf files? Not sure how immune to reverse compilation .swf is though.
Thanks a bunch.
In fact, you can't. There are two types of downloads; normal (direct) one and the one via streaming.
I would advise you to use the direct one but passing an authorization key with it.
An example of such a URL would look like:
/download?file=134&auth=A34C56E4FCD3908DA
^ ^ ^
| | '- The predefined access token
| '- The requested file
'- Gateway script
Don't forget that you must store the sensitive files somewhere outside of your document root.
The gateway script would look like (pseudo-code):
if( validate_token( get('auth') ){
file_id = get('file');
file_name = get_file_name( file_id );
data = file_read_all( file_name );
}