RE: FN-FORUM: Paid for file downloads / streaming

date posted 1st December 2003 17:23

Im probably wrong but Im sure we did something like this (in Java) and
the docs were outside the apache domain / above the web root... And u
couldn't bookmark it - well you could be you wouldn't get anything
unless you were logged in still.

Like I say Im probably wrong.

:: http://ianmoss.com :: http://alteris.co.uk :: http://rock666.com ::

>Nick Grimshaw
>
>David Eckersall:
>> yup, you supply it a valid URL, however using the
>response.redirect in
>> the asp means its location is 'cloaked' and you can do any security
>> testing before passing it over.
>
>Barely cloaked. Once someone (anyone!) has successfully logged
>on, the server sends them a 302 HTTP response with *the actual
>URL to the video*. So they can bookmark it, distribute it, etc.
>
>Security through obscurity doesn't work.

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.516 / Virus Database: 313 - Release Date: 01/09/2003