| Author |
Message |
rabbit
Guest
|
 Posted:
Thu Oct 20, 2005 4:30 pm Post subject:
Turning off the URL Value |
|
|
How About turning off the following or encrypt it or whatever needs to be
done to avoid surfer not to view the url link of the audio media playing.
<param name="URL" value="audiomedia.mp3">
This works great but only turns off the right click event on the browser
<param name="enableContextMenu" value="0">
but when goes to the browser view source then become visible.
Or Maybe how to turn off the Browser View - Source Menu
TIA
|
|
| Back to top |
|
 |
Neil Smith [MVP Digital M
Guest
|
| Posted:
Thu Oct 20, 2005 4:30 pm Post subject:
Re: Turning off the URL Value |
|
|
On Thu, 20 Oct 2005 06:26:12 -0700, rabbit
<rabbit@discussions.microsoft.com> wrote:
| Quote: | How About turning off the following or encrypt it or whatever needs to be
done to avoid surfer not to view the url link of the audio media playing.
param name="URL" value="audiomedia.mp3"
|
Anything which is encrypted has to at some point be unencrypted.
You're talking about obfuscation, which only deters the people who
don't know how to extract the URL. How did you propose the media
player reads the "encrypted" URL ? So you'll have to un-obfuscate it,
and if you do that client side then the client can view the source of
your javascript to determine how to get the real URL - and write a
javascript app to do that for others.
| Quote: | This works great but only turns off the right click event on the browser
param name="enableContextMenu" value="0"
but when goes to the browser view source then become visible.
Or Maybe how to turn off the Browser View - Source Menu
|
You might as well not bother, because somebody can then telnet or CURL
to your web server and gain the source that way. Trust me on this, I'm
a web developer. There's *nothing* you can do to "hide" the URL which
at some point can't be tampered with or viewed.
If you must have your content protected, the ONLY available solution
is to use DRM to licence the file, and issue licences to users
yourself (and it's still quiestionable if DRM is secure enough for
you).
The real question is - how valuable is your content, and how much are
you prepared to spend to "protect" it ?
Cheers - Neil |
|
| Back to top |
|
|
rabbit
Guest
|
| Posted:
Sun Oct 23, 2005 4:30 pm Post subject:
Re: Turning off the URL Value |
|
|
Tnx u much Neil for your tips, I understand that there is nothing that can be
hidden from surfer to view source or get the media but I've seen some site
that uses the encrypted javascript that really hides it well I just don't
know how to scramble the code in such way that looks like hex. I;ve done it
using the javascript escape() function to encode it and the unescape() to
decode it but escape() does not make it to look like hex just add the % sign
to it. There is another function call hp_d00() which I do not know how it
works which is the unscramble the script line in hex i just don know how to
convert the escape("string") into hex, Do you?
"Neil Smith [MVP Digital Media]" wrote:
| Quote: | On Thu, 20 Oct 2005 06:26:12 -0700, rabbit
rabbit@discussions.microsoft.com> wrote:
How About turning off the following or encrypt it or whatever needs to be
done to avoid surfer not to view the url link of the audio media playing.
param name="URL" value="audiomedia.mp3"
Anything which is encrypted has to at some point be unencrypted.
You're talking about obfuscation, which only deters the people who
don't know how to extract the URL. How did you propose the media
player reads the "encrypted" URL ? So you'll have to un-obfuscate it,
and if you do that client side then the client can view the source of
your javascript to determine how to get the real URL - and write a
javascript app to do that for others.
This works great but only turns off the right click event on the browser
param name="enableContextMenu" value="0"
but when goes to the browser view source then become visible.
Or Maybe how to turn off the Browser View - Source Menu
You might as well not bother, because somebody can then telnet or CURL
to your web server and gain the source that way. Trust me on this, I'm
a web developer. There's *nothing* you can do to "hide" the URL which
at some point can't be tampered with or viewed.
If you must have your content protected, the ONLY available solution
is to use DRM to licence the file, and issue licences to users
yourself (and it's still quiestionable if DRM is secure enough for
you).
The real question is - how valuable is your content, and how much are
you prepared to spend to "protect" it ?
Cheers - Neil
|
|
|
| Back to top |
|
|
Sebastian Gottschalk
Guest
|
| Posted:
Sun Oct 23, 2005 8:30 pm Post subject:
Re: Turning off the URL Value |
|
|
rabbit wrote:
| Quote: | Tnx u much Neil for your tips, I understand that there is nothing that can be
hidden from surfer to view source or get the media but I've seen some site
that uses the encrypted javascript that really hides it well I just don't
know how to scramble the code in such way that looks like hex. I;ve done it
using the javascript escape() function to encode it and the unescape() to
decode it but escape() does not make it to look like hex just add the % sign
to it. There is another function call hp_d00() which I do not know how it
works which is the unscramble the script line in hex i just don know how to
convert the escape("string") into hex, Do you?
|
[... long script...]
document.write('<object data="'+result_url+'" type="foo/bar"'></object');
-> alert(result_url);
That's why your idea is simply stupid.
--
Dieser Schrieb stellt eine private Meinungsäußerung des Verfassers im
Sinne der gesetzlich garantierten Meinungsfreiheit dar. Wem das nicht
passt, der wende sich an das Bundesverfassungsgericht. Viel Erfolg!
Key: 0xA0E28D18 FP: 83AE 1136 1E2B 9767 8FB2 7594 4128 1A9E A0E2 8D18 |
|
| Back to top |
|
|
Neil Smith [MVP Digital M
Guest
|
| Posted:
Sun Oct 23, 2005 8:30 pm Post subject:
Re: Turning off the URL Value |
|
|
On Sun, 23 Oct 2005 09:25:03 -0700, rabbit
<rabbit@discussions.microsoft.com> wrote:
| Quote: | Tnx u much Neil for your tips, I understand that there is nothing that can be
hidden from surfer to view source or get the media but I've seen some site
that uses the encrypted javascript that really hides it well I just don't
know how to scramble the code in such way that looks like hex. I;ve done it
using the javascript escape() function to encode it and the unescape() to
decode it but escape() does not make it to look like hex just add the % sign
to it. There is another function call hp_d00() which I do not know how it
works which is the unscramble the script line in hex i just don know how to
convert the escape("string") into hex, Do you?
|
You'd want something like
<script language="javascript1.2">
var strCode="Long string of my javascript code";
var resCode="";
for (i=0; i<strCode.length; i++) {
resCode += strCode.charCodeAt(i).toString(16);
}
alert(resCode.toUpperCase());
</script>
It doesn't do you any real good, because I can just run this on your
obfuscated string to get the URL back.
<script language="javascript1.2">
var viewCode =
"4C6F6E6720737472696E67206F66206D79206A61766173637269707420636F6465 ";
for (i=0; i<resCode.length; i+=2) {
charCode = parseInt(resCode.substr(i,2), 16);
viewCode += String.fromCharCode(charCode);
}
alert(viewCode);
</script>
Cheers - Neil
| Quote: |
"Neil Smith [MVP Digital Media]" wrote:
On Thu, 20 Oct 2005 06:26:12 -0700, rabbit
rabbit@discussions.microsoft.com> wrote:
How About turning off the following or encrypt it or whatever needs to be
done to avoid surfer not to view the url link of the audio media playing.
param name="URL" value="audiomedia.mp3"
Anything which is encrypted has to at some point be unencrypted.
You're talking about obfuscation, which only deters the people who
don't know how to extract the URL. How did you propose the media
player reads the "encrypted" URL ? So you'll have to un-obfuscate it,
and if you do that client side then the client can view the source of
your javascript to determine how to get the real URL - and write a
javascript app to do that for others.
This works great but only turns off the right click event on the browser
param name="enableContextMenu" value="0"
but when goes to the browser view source then become visible.
Or Maybe how to turn off the Browser View - Source Menu
You might as well not bother, because somebody can then telnet or CURL
to your web server and gain the source that way. Trust me on this, I'm
a web developer. There's *nothing* you can do to "hide" the URL which
at some point can't be tampered with or viewed.
If you must have your content protected, the ONLY available solution
is to use DRM to licence the file, and issue licences to users
yourself (and it's still quiestionable if DRM is secure enough for
you).
The real question is - how valuable is your content, and how much are
you prepared to spend to "protect" it ?
Cheers - Neil
|
|
|
| Back to top |
|
|
|
|
|
|
FAQ
Memberlist
Register
Profile
Log in to check your private messages
Log in