J. Bakshi wrote:
In simple words, and as many people on this list have tried to tell you already : NO. NO like "there is no way to prevent it".Any idea how to prevent it ?
The fundamental idea here is : if you give some information away from your web server to a web browser, then it is given, and you can't take it back. You can try to hide it, disguise it, obfuscate it, but in the end the browser has it, so the user has it, and there is nothing you can do about it. Someone else wrote : if you don't want the user to be able to download something from your server, then do not put it there.
That is true.The only way to do something that resembles what you want, would be to require the usage, at the user side, of a special "playback agent" that they download from your site in advance, and which talks to your server in some encrypted way. But even then, whatever that plugin exchanges with your server still circulates between the browser and the server on the Internet, and a sufficiently motivated user can record what happens, analyse it, reproduce it, etc..
Just to press the point : you mention that you done things in your .htaccess to prevent people to download stuff using curl, wget etc.. That's an illusion. The htaccess (or any other similar method supposed to exclude some remote agents) works only on the base of some information that the user-agent provides to the server (look up the User-Agent HTTP header). If the user changes that header, then your htaccess will be fooled. Have a look at the wget and curl "--user-agent" command-line options, and try them with your pages.
--------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|