Dynamically adding extention

[deadlyromio]

Hi, been awhile since I wanted to do any web design but this I hope to finally build a site...so my question

I have some files that are media files that are view through http..so basically downloading...

I've done this:
Embedded windows media player
Used javascript onselect to change media file
Tested and works in dreamweaver 2004

Now I want to try to hide the file path

I'm looking at hiding the extention or part of the name with javascript?
All filenames are in a ms express database so perhaps loading the file with something like id?=1...not sure yet..anyone have any thougths on how to do this since I didn't find anything in the scripts here

[djr33]

You can do what you want to confuse the user, but if they have any idea what they are doing, they will get around your security very quickly and find a way to download the file.
If you want to use ?id=1, then you can use javascript, though that's more frequently done with php.
You could make 1, or any number, relate to a particular filename.
That's useful.
However, it won't do much for you if your goal is to stop the user from downloading.
You ARE transmitting the data to the user. You can't stop them from accessing and then saving that data.

[deadlyromio]

Thanks for the reply...basically I'm planning to stream video's over wms but since I can't afford the enterprise version of windows 2003 I can't create a pluging to pass authorization from my mssql to the media server...so users have to login (this was easily done by vwd and asp.net)

So my site is like 50% done and hope to put it up soon but my concern is that even though all my stuff is free I have to worry about leeching since all my stuff has all be encoded in hi-quality version so the files are so long(I'm going for a different type of streaming...not to the masses)...

What's the problem with that if I use IIS and just configure it to stop leeching on an extention...well WMS is different and you can't just stop someone from leeching...as long as they know the ip or url name it doens't matter what you do..referrer, cookies, doesn't matter.. all they need is the actual url and they can play it anytime since I can't pass a login and password through my website to WMS without upgrading (this cost alot..i think it was around $4,000 for enterpise version) and I'm not ready to shell out money for something like that yet..

So my only hope is to try to hide the url..

I'm still trying to figure out how to load the query from id?=1 to play without showing the actual url that is saved in the database

I would like javascript to add parts to the name if I don't use the query to pass the id to player..

So say for example file is 0002dyanmicdrive-001.wmv...so I'd like to break it up so it would show as dynamicdrive in source or play from header title so it would be harder to figure out the name of actual media url...anyways...

I guess it must be something harder then I thought,, sorry no js experience..only a bit of vb from college..so I hope that I can figure out a way for this in vb then..thanks

[BLiZZaRD]

my concern is that even though all my stuff is free I have to worry about leeching

If you put it out there, and someone wants it, they will get it, no matter what you do.

I understand your concern, believe me, I have a URL battle going to, although my reasons are not for leaching, and I am not dealing with downloads.

The main point is to make it easy on yourself, and do the best you can to keep the honest people honest.

Using php to id each file is probably your best bet. having ?id=1 in the URL will stop most visitors from even trying. For those that want to try, nothing you can do will stop them, even if they have to resort to setting up a speaker and microphone path and re-recording it themselves.

Unless you can afford codecs to prevent the file from playing on another player than the one you set it up for, I wouldn't stress to much about it.

[Twey]

since I can't pass a login and password through my website to WMS without upgrading (this cost alot..i think it was around $4,000 for enterpise version)

That's ridiculous. $4,000 for something that can't even handle a login and password?

The easiest solution is to use a .htaccess or equivalent to require a username and password over HTTP before beginning to stream the file, but I still don't totally understand why you want to do this.