Hello,
I am new to the PHP world and I have a question.
I would like to take a WAV file and create a new
WAV file from it.

My reason for this is one of my clients has WAV files on their
site and people have been stealing them. So I thought
if I could take the WAV file and stream it to a new file on the
fly maybe it would be more secure.

Please let me know if you have any ideas on this.

Thanks
Will

Perhaps, instead of thinking on complicate php code you should have a look on the server side. This is, maybe the problem is a bad security configuration on the server See if you can do something in the server in order to prevent the wav files to be stolen. I think that would be much more easy than procesing the wav stream on the fly.

Thank you very much for the reply.

It would be nice to create a security scheme that allowed
me to keep these files secure. But because everyone
needs read access to the file I am not sure how to
do that.

I would need to create an object that everyone has access to.
Then use that objects (Special) permissions to get my WAV file.
So even if you found a way to steal the code that reads the
WAV file you would not have permission to access the file
directly. You would ONLY have access to the file using the
object and ONLY if that object was run from the server.

I could do something like this on a Windows Machine using
C# and SQL Server but I am VERY new to PHP and I am not
really sure of how powerful MySQL is.

Well I will continue to look into this.

Thank you again for the help.
Will

unfortunately, if you are going to send the newly created wav file to someone's browser then they are going to be able to steal it no matter what you do.

yes, you can create a new wav file on the fly, but its pointless to take the trouble to do that as long as you are going to serve it to someone on the internet anyway. if you are concerned with someone stealing it, don't put it on the internet.

unfortunately, if you are going to send the newly created wav file to someone's browser then they are going to be able to steal it no matter what you do.

yes, you can create a new wav file on the fly, but its pointless to take the trouble to do that as long as you are going to serve it to someone on the internet anyway. if you are concerned with someone stealing it, don't put it on the internet.


It's to bad that the answer to the question is:
Don't post the files.

Well thank you again for the reply's
Will

well, you could provide access to the wav files through a php script...
and so you could check if the user who requested the wav is authorized or not...

here is an example of how to send a pdf file through a script.

<?
// here do you checkings

$URL = /*url of the file*/

// send content type header
header("Content-type: application/pdf");

// send url of the file
header('Location: '.$URL);
?>

well, you could provide access to the wav files through a php script...
and so you could check if the user who requested the wav is authorized or not...

here is an example of how to send a pdf file through a script.

<?
// here do you checkings

$URL = /*url of the file*/

// send content type header
header("Content-type: application/pdf");

// send url of the file
header('Location: '.$URL);
?>



unfortunately that does absolutely nothing to prevent someone from stealing the wav file. All that does is redirect to the file.

And there is no need to set the content type header if you are setting the location header too.

Question:
What if I were to insert the WAV files into a database (BLOB) column.

Then create a WAV file on the fly from that BLOB data.

I know I can restrict access to a table. Would this give me

more control?

.... WAIT ....

What about FLASH?

Couldn't I use FLASH to play the WAV file from the Database?

I could write a Flash Action Script that connected to a database

created a WAV file and played it. I think this would give me

the control I need. You would not be able to copy the WAV file

to your hard drive (unless you really want it and use a MIC)..


Thank you all again for the information
this has turned out to be a really interesting thread

Will

The database idea will not help, because how you store the file is not an issue, its how you send the the file to an unsecured client ( webbrowser ).

The Flash idea will probably deter most people, but its not foolproof. Somebody who wanted to snatch your WAV file would be slowed down for maybe 5-10 minutes. But for most of the users on the internet playing the sound with Flash would probably be protection enough.

unfortunately that does absolutely nothing to prevent someone from stealing the wav file. All that does is redirect to the file.

And there is no need to set the content type header if you are setting the location header too.

well, yes... your'e right. i just thought, that the OPs problem was the unauthorized access to the files... so routing acces over a script, would cover the subject of unauthorized access.
(that thing with the location header... well, might be :) )

and what do you mean by foolproof? no method is really foolproof... you are only building the wall higher and higher an attacker has to climb over... so what you win is time, and as you said, propably not more than minutes.

but to put an own flash player, which gets the data from a database... also good idea...

hint: if you have problem storing and retrieving your binary wav file correctly from the db, try to store it in base 64 encoded format.

This has been awsome.. thank you again..

Here is what I am going to do.
Rather then working with BLOB data.. (FUN)
I am going to insert the names and locations of the WAVs into a Database
Then I am going to save the WAVs to a location on the server
with the ID from the database and NO extension.

In the Flash movie I am going to set a variable that will
tell it the Name of the file to load. The path to the WAV file
will be built on the fly with the information
from the database and the extension will be appended.

this way.. even if you could get the SWF file you could not connect
to the database to play the file. I know I cant stop everyone BUT
I can stop enough people to make me feel better about putting
this content on the web.

Thank you again,
Will