Pretty Good Protection
The issues with trying to prevent direct downloading can be summed up with: "Where there's a will, there's a way." Even
with the most sophisticated techniques, there is no 100% fool-proof way to
prevent material in the public domain from being accessed directly.
There are a number of options available to safe-guard your audio. Take a look at the following options available in the Customizer tool for the Wimpy MP3 Player:
In the Wimpy Script Configuration section:
- Startup Folder **
- Download a wimpyConfigs.xml file
In the Advanced Options section:
- Encrypt HTML
- Prevent files from caching **
If you are using XML playlists, these options will not be available. These options are only available when running Wimpy "off of" PHP, ASP or ColdFusion because only these "server-side scripting" environments can offer the kind of functionality required to control the server.
When running Wimpy off of an XML playlist the "Wimpy Script" (wimpyApp) option is set to an XML file. Which means that some special server-side functionality will be lost because Wimpy does not have access to the wimpy.php/asp/cfm files which are normally defined through "wimpyApp."
XML files can control the server. Therefore, the following options are not available when running Wimpy off of an XML playlist:
- Force download
- Prevent files from caching
- Display ID3 tags
- Hide Folders
- Hide Files
- Startup folder
The most reliable method:
Perhaps the most reliable method is to take
advantage of "file permissions." If you use the "Prevent local
you can prevent files from being accessed directly by changing the permissions
of your MP3 files. For example, if the "Prevent local caching" option is
set, and you change the permissions of your MP3 files to:
This will only allow your files to be accessed through Wimpy. The reason for
this is because the "Prevent local caching" option uses PHP, ASP or ColdFusion
to serve the MP3 file, rather than using the standard Web Server (Apache, IIS,
etc). And since PHP is traditionally granted "owner" privileges (or is a part
of the "owner" group, PHP will be able to server the file. However, if someone
attempts to access the file directly with a web browser, they will be denied
access, because they are not a part of the "owner" group.
You may need to test out various permission settings, such as 200, 400, 622,
etc. Also, you may need to contact your server administrator to have them add
PHP, ASP or ColdFusion to the "owner group" so that PHP, ASP or ColdFusion
will have the proper permissions to access the MP3 files.
This method is not guaranteed to work with all web sites because the "prevent
local caching" option
causes wimpy.php to retrieve and output the file, and depending on the way
that the web server and or PHP, ASP or ColdFusion is set up, the Prevent
local caching options may not work. So it is best to ensure that the "Prevent
local caching" option works before fiddling with permissions.
You may also want to take a look at setting up Wimpy SQL, which uses a unique method to playback the files -- where direct URLs to files are not visible -- making it a little more difficult for potential thieves to wade through the code. With Wimpy SQL you can set up customizable playlists rather easily. Click here for more information about Wimpy SQL.
Again, there are no fool-proof methods, the options available are "pretty good protection."
Only Wimpy MP3 Player offers these safe-guard methods, the other Wimpy products do not offer these safe-guards.
Neil Gertenberg (notesandtones at gmail dot com) points out:
1) Place the mp3 files for each playlist (ID3 tagged) in separate audio subfolders (mp3s/randomnames/) with a copy of wimpy.php and the getID3 files. The wimpy.swf stays in the mp3s/ folder
2) Use getID3 option, prevent caching and encrypt HTML options in configuration tool - no playlists, no XML. Set the path to the audio folder (mp3s/randomname/) for only the wimpy.php path. Leave the others to the mp3s/ folder, and skins to wherever skins are.
3) Create custom wimpyhtml file for each audio subfolder/playlist, and add a blank index.html to prevent browsing.
4) Manually edit (carefully) wimpyhtml files so that the paths to wimpyWrite.js point to the mp3s/ folder and NOT the subfolder (mp3s/randomname).