Re: FN-FORUM: Paid for file downloads / streaming

date posted 1st December 2003 19:25

cloaked enough to stop the average user - simply bookmarking doesnt
bookmark the movie, at least not in IE, moz, opera and NN on the PC, nor
does the movies URL ever get displayed in the navigation bar.

its perfectly suitable for a cheap and quick solution as long as the
client is aware of the limitations, and those limitations are easily
defeated by making the area protected by windows security.

Nick Grimshaw wrote:

>David Eckersall:
>
>
>>yup, you supply it a valid URL, however using the response.redirect in
>>the asp means its location is 'cloaked' and you can do any security
>>testing before passing it over.
>>
>>
>
>Barely cloaked. Once someone (anyone!) has successfully logged on, the
>server sends them a 302 HTTP response with *the actual URL to the video*. So
>they can bookmark it, distribute it, etc.
>
>Security through obscurity doesn't work.
>
>- Nick Grimshaw
>{ if you're not part of the solution, you're part of the precipitate. }
>
>
>
>