[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Apache .wmv file help

On Thu, Oct 12, 2006 at 10:50:01AM -0300, Gonzalo Arana wrote:
> As a practial solution, while it is not perfect, you may block empty
> referers, for instance.

and anyone who wants to download it can easily fake up a HTTP_REFERER
header. most snarfing tools (including wget, snarf, LWP) provide some
mechanism for specifying the HTTP_REFERER.

relying for security on data supplied or controlled by the user doesn't work.

in short, it can't be done. the most you can do is make it slightly
more difficult to download than to view...and that isn't worth the
programming effort (as it will only stop those who don't bother to try,
which means it only stops just as many people as doing nothing would
stop).




BTW, depending on the browser, the user probably wont even need to do
anything out of the ordinary...if the browser doesn't know what to do
with a .wmv file (or if it knows of several things to do), it may pop up
a dialog box asking the user what to do - including options like "view
with <program>", and "save to disk".

craig

-- 
craig sanders <cas@taz.net.au>           (part time cyborg)
Reply to: