httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Richard Peacock" <richard.peac...@minorplanet.com>
Subject RE: [users@httpd] How to prevent a site to be grabbed ?
Date Fri, 27 Mar 2009 08:58:45 GMT
.. but surely even if he uses this one-time method then the person who clicks the link for
the mp3 file will still get the file? albeit with added server load as it is copied first
then deleted - not to mention the additional script work that would be needed?

Ultimately, there is no way to protect the content if it is web-facing, the web is a public
resource and anything put on there can be grabbed by anyone.  If he really wants to protect
the files then he would need to encrypt the files at source so when someone who is not authorised
gets it, they can't do anything with it as they don't have the de-cryption key.


-----Original Message-----
From: Jonathan Zuckerman [mailto:j.zuckerman@gmail.com]
Sent: Thu 3/26/2009 18:06
To: users@httpd.apache.org
Subject: Re: [users@httpd] How to prevent a site to be grabbed ?
 
Use a one-time pad.  Every URL to an mp3 is not an actual resource,
it's a link that is generated when the user indicates a desire to
download the mp3, and the mp3 is then copied from a protected place to
a public place.  After that link is accessed one time, a script is run
which outputs the mp3 as a file, then deletes the public mp3 and
invalidates the link.  Hashing, cryptography, this is a classic
computer science problem ;)

On Thu, Mar 26, 2009 at 2:38 AM, Octavian Rasnita <orasnita@gmail.com> wrote:
> Password-protect it, and don't give the password to anyone. :-)
>
> If someone sees a page from your site, that page was already downloaded to the visitor's
computer, and a visitor can create a program that download all the pages which he can access
using a browser.
>
> Octavian
>
> ----- Original Message -----
> From: "J. Bakshi" <joydeep@infoservices.in>
> To: <users@httpd.apache.org>
> Sent: Thursday, March 26, 2009 10:57 AM
> Subject: [users@httpd] How to prevent a site to be grabbed ?
>
>
>> Hello,
>>
>> This is a very worried continuation of my previous mail "how to prevent
>> mp3 downloading ?"
>> André Warnier has already opened my eyes that wget and curl are quite
>> capable to bypass the .htaccess by using --user-agent option and I
>> myself successfully downloaded some file and folders from the my own
>> site which I believe having a strong .htaccess to prevent curl and wget.
>>
>> So I'm looking a way to prevent my site to be grabbed. Could any one
>> suggest any measure in apache or .htaccess ?
>>
>> Eagerly waiting for your kind response.
>> Thanks
>>
>> ---------------------------------------------------------------------
>> The official User-To-User support forum of the Apache HTTP Server Project.
>> See <URL:http://httpd.apache.org/userslist.html> for more info.
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
>> For additional commands, e-mail: users-help@httpd.apache.org
>>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org





**********************************************************************
Privileged/Confidential Information may be contained in this 
message. If you are not the addressee indicated in this 
message (or responsible for delivery of the message to such 
person), you must not copy, distribute or take any action in 
reliance to it.
In such case, you should destroy this message and kindly 
notify the sender by reply email. Please advise immediately 
if you or your employer do not consent to Internet email for 
messages of this kind. Opinions, conclusions and other 
information in this message that do not relate to the official 
business of Minorplanet Systems plc shall be understood as 
neither given nor endorsed by it. Minorplanet Systems plc, Registration no: 3372097
Minorplanet Limited, Registration no: 4072786
Greenwich House, 223 North Street, Leeds, LS7 2AA
VAT #: 698 1438 86
********************************************************************** 
 
Mime
View raw message