Can I protect my audio files whilst using SoundManager?

  • 2
  • Question
  • Updated 6 years ago
Hi! I'm developing an online phrase guide for people learning English and would like to have it so that users can click on any phrase to hear how it sounds.

I've successfully installed SoundManager 2 on a test page and it's working well.

However, I'm keen to prevent users from downloading the MP3 files themselves as I don't want them to be used elsewhere on the web without my consent. As it stands, a user could simply look up the path to any MP3 file from the HTML code and then download it directly.

Is there any way I can prevent this? I tried placing the sound files in a separate directory and protecting that using Apache authentication, but that led to a password prompt when I tried to play a sound.

If it can't be done using SoundManager 2, is there another solution you could suggest, preferably also using using Flash/Javascript?

Many thanks,
Speak English!
Photo of Chris Thompson

Chris Thompson

  • 5 Posts
  • 0 Reply Likes
  • happy with the product but unsure I can use it.

Posted 9 years ago

  • 2
Photo of Scott

Scott, Official Rep

  • 3873 Posts
  • 253 Reply Likes
Official Response
Hi Chris,

In short, "If you can see (or hear) it, you can steal it."

The most realistic way to protect files on the web, is to simply not post them. Consider music, movies and games, all of which are protected by copyright law, as some fine examples of the relative simplicity of copying. ;)

Jokes aside, taking the logical security approach with what's available on the browser end: To "selectively" serve them in some cases and deny them in others is a bit of a can of worms. I'll explain a few options, which could also be applied to images, movies or any other asset.

Right-clicking/copy to clipboard
Try to discourage right-clicking on links, "save as" etc. I have an option for this in the inline MP3 player demo, but of course that is only one way of many people can copy or save a link. Additionally, browsers have options which include, "don't let scripts block right-clicking". ;) Alternately I could tab to the link and hit CTRL-C to copy, or view source, etc. There's always a way around these sort of methods.

Discouraging right-clicking is actually likely to prevent the most casual/common attempts to save your MP3 files by most people without technical know-how however, so while I don't encourage it myself, the option is included in the in-page MP3 player demo.

HTTP caching
You can serve MP3s with basic HTTP headers such as no-cache etc., an "expires" header in the past, and I have heard that Flash should obey these headers and not cache the file after loading.

Session authentication/tokens, HTTP referral checking
You could try to check that requests are coming from your own site before serving the MP3 files (eg. your site is on and the HTTP referrer which the browser sends is also from, and it's then "valid" to serve - thus, a direct link from to your MP3 would fail when clicked, or "save as" etc.) However this information is relatively trivial to fake by people who know what they're doing, so it'll stop casual linking but not people who are "determined." The same applies to session and cookie authentication schemes.

Even after all of this, someone could still record your audio through the system output, so it's never "really" protected - same as with DRM-encoded files. However, the most realistic thing you can do is discourage "casual" copying/downloading attempts by blocking right-clicks; additionally, checking HTTP referrers doesn't involve too much work and will discourage "hot-linking" by MP3 search engines, crawlers and so on.