
Old Forums (READ-ONLY): The community now lives at WP Sharks™. If you have an s2Member® Pro question, please use our new Support System.

site works fine, but files still stealable


This topic contains 5 replies, has 3 voices. Last updated by Michael Kang 3 years, 5 months ago.

Posted: Sunday Jul 28th, 2013 at 8:13 am #54291

S2Member locks all our content fine, and our first sales are coming in.

However, we don’t allow media files to be downloaded. On a product page, if I look at the source code, search for .mp3, then log out of my site so I have no more access, paste the URL, I can still open and listen to the MP3. This means all our products are not “really” locked. As a user I could just share these URLs with my friends or post on another website. Try it: does this link play for you?
http://dvi7dmkud5mbu.cloudfront.net/Appt-0501-0550-ENZH-A.mp3?Policy=eyJTdGF0ZW1lbnQiOlt7IlJlc291cmNlIjoiaHR0cDovL2R2aTdkbWt1ZDVtYnUuY2xvdWRmcm9udC5uZXQvQXBwdC0wNTAxLTA1NTAtRU5aSC1BLm1wMyIsIkNvbmRpdGlvbiI6eyJJcEFkZHJlc3MiOnsiQVdTOlNvdXJjZUlwIjoiMzYuMjMxLjE0Ni41Ni8zMiJ9LCJEYXRlTGVzc1RoYW4iOnsiQVdTOkVwb2NoVGltZSI6MTM3NTA5OTMwNn19fV19&Signature=XoXfnd~nwZhJg3BtAoOa5s4Y–81OtJkXld7YjfgS0jwSS~ZoF7OUzzm7EqWfpQxg95Pk1KElP2NN4x-dN0tVAT9sEEbPvsLHnWGBSlGVFQ0OKcjztOSE~fWT7NRZ9RtfLtMjMT7fYnyWxepXuqAEtEe~S52iRU2Ni1KzvxAfHxRpM4Q5uDXHPrCglGkkMb6NjxaVeIwd7Xxw3TLvtaF9N5NAmu0IRd6136gSiaGBl7ihH7WbsAHg5Xpp2b9Mw5T0hj2SwHWckINRAOWthsGH0qvnubFn3EMin8o495TPYU0FhaU7ZD3Fca89QINRpLXxZgGIMr1qrTGwl3nqS17Qg__&Key-Pair-Id=APKAJUC3OOAN5O3TWG3Q

We provide downloadable PDFs, and found we could not put the MP3s directly in the ebook. Changing the URL code to “inline=no” doesn’t work. PDFs and MP3s still open directly in the browser. Downloaded PDFs still play the MP3 files directly from S3 without verifying the user is logged in to his account.

What, if any, settings have we forgotten?

Posted: Sunday Jul 28th, 2013 at 11:52 am #54297
Eduan
Username: Eduan
Moderator

That link does not play for me. It gives me an access denied page.

– Eduan

Posted: Sunday Jul 28th, 2013 at 11:17 pm #54312

That is a relief, because all of our computers are showing that the file is still accessible.

Posted: Tuesday Jul 30th, 2013 at 3:43 am #54383

Eduan,

Although I found that what you stated is in fact true, I would like to return to this issue.

Since our company develops foreign language training products with many MP3 and MP4 products, in order to protect them from getting distributed all over the internet bit torrents, we’re still encountering some problems:

1. We lock our multimedia files for paying users to access “inline” on the webpage without download option.
2. However, as a PAYING USER, I can still look at the source code, find the aforementioned MP3 file, copy the code into my browser and access the file, even by filename.
3. What prevents one bad PAYING USER (or group) from buying all our products, downloading them, then launching his own business inside China, spamming 100 million people, charging a dollar for all our products, then he closes his business after 7 days pocketing millions of dollars and now all our products appear free all over the China web, and probably other countries too? We have a team of designers and linguists who put a lot of effort and time into developing beautiful products and we’d like to launch in China, but … cautiously! Thank you!

Thanks again for your attention to this!

Regards,
Mike

Posted: Wednesday Jul 31st, 2013 at 12:28 am #54448
Bruce
Username: Bruce
Staff Member

3. What prevents one bad PAYING USER (or group) from buying all our products, downloading them, then launching his own business inside China, spamming 100 million people, charging a dollar for all our products, then he closes his business after 7 days pocketing millions of dollars and now all our products appear free all over the China web, and probably other countries too? We have a team of designers and linguists who put a lot of effort and time into developing beautiful products and we’d like to launch in China, but … cautiously! Thank you!

First I want to mention that no matter how you’re serving your files (inline or not) the User is still downloading the file. The only difference between the two methods is that inline sends some specific headers to the browser to tell it that it’s possible to download the file inline, making it simpler for Users to view the file.

This can be demonstrated with an inline link to an .mp3 file. Even if the file is served inline, you can simply right-click the link and Save Link As… in your browser.

As for the links being available for a period of time after the download:

This has to do with Amazon’s Signed URLs. s2Member goes over what these are in this section of your Dashboard:

Dashboard -› s2Member® -› Download Options -› Amazon® S3/CloudFront CDN Storage


The bottom line here is that (as far as I know) there is no way to totally securely share your files. However you do it, Users still download the file to view it and it can be accessed in its raw format. Your best defense against what you’re looking for are things like well-written Terms and Conditions. Protecting your work legally is very important any time you’re providing content to Users on the internet.

I hope that clarifies things. Let us know if you have any further questions. :-)
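
The `Policy` parameter of the link in the opening post is a base64-encoded CloudFront custom policy; decoding it shows that the URL is valid only until a fixed expiry time and only from a single /32 source address, which is consistent with the link playing on the poster's own computers and returning access denied elsewhere. The Python below is an added example, not part of the original thread or of s2Member. `would_be_allowed` is a simplified model of how those conditions are evaluated, and the client address and timestamps passed to it are up to the caller.

```python
import base64
import ipaddress
import json
from urllib.parse import parse_qs, urlsplit

# Policy value copied from the link in the opening post. Signature and
# Key-Pair-Id are left out: they are not needed to read the policy.
POSTED_URL = (
    "http://dvi7dmkud5mbu.cloudfront.net/Appt-0501-0550-ENZH-A.mp3?Policy="
    "eyJTdGF0ZW1lbnQiOlt7IlJlc291cmNlIjoiaHR0cDovL2R2aTdkbWt1ZDVtYnUuY2xv"
    "dWRmcm9udC5uZXQvQXBwdC0wNTAxLTA1NTAtRU5aSC1BLm1wMyIsIkNvbmRpdGlvbiI6"
    "eyJJcEFkZHJlc3MiOnsiQVdTOlNvdXJjZUlwIjoiMzYuMjMxLjE0Ni41Ni8zMiJ9LCJE"
    "YXRlTGVzc1RoYW4iOnsiQVdTOkVwb2NoVGltZSI6MTM3NTA5OTMwNn19fV19"
)


def decode_policy(url):
    """Return the custom policy statement embedded in a CloudFront signed URL."""
    query = parse_qs(urlsplit(url).query)
    if "Policy" not in query:
        raise ValueError("no Policy parameter (canned-policy URLs carry Expires)")
    # CloudFront swaps '+', '=', '/' for '-', '_', '~' to keep the value URL-safe.
    b64 = query["Policy"][0].translate(str.maketrans("-_~", "+=/"))
    return json.loads(base64.b64decode(b64))["Statement"][0]


def summarize(statement):
    """Pull out the three fields that decide who can use the link, and until when."""
    cond = statement.get("Condition", {})
    return {
        "resource": statement.get("Resource"),
        "expires": cond.get("DateLessThan", {}).get("AWS:EpochTime"),
        "source_ip": cond.get("IpAddress", {}).get("AWS:SourceIp"),
    }


def would_be_allowed(statement, client_ip, now_epoch):
    """Simplified model (an assumption): expiry first, then source network."""
    info = summarize(statement)
    if info["expires"] is None or now_epoch >= info["expires"]:
        return False  # DateLessThan is mandatory; at or past it the link is dead
    if info["source_ip"] is None:
        return True  # no IpAddress condition: any client may use the link
    network = ipaddress.ip_network(info["source_ip"])
    return ipaddress.ip_address(client_ip) in network
```

A policy with a long expiry and no `IpAddress` condition is the case to watch for when auditing links like this, because such a URL works for anyone it is forwarded to until it expires.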

Posted: Wednesday Jul 31st, 2013 at 1:21 am #54453

Thank you very much. I understand what you mean by how the users use the files. A paying member’s computer or device will still leave a copy of that file on their machine, so our legal definition of what that user may do with the files is the only way we can protect ourselves. Sigh, unfortunately, the wild west is now the wild east, where no laws apply.
