Secure file download via HTTP

Peter Bogdanoff bogdanoff at me.com
Fri Nov 4 08:02:24 CET 2016


Hi,

My application makes extensive use of audio and video in a player control with files accessed from a server via HTTP. There is some concern in my team that in some countries there may be people who will try to access these files outside my application by somehow replicating a URL. So I’m thinking that if I use HTTPS I could prevent this. But I have questions…

1. Am I right that someone could, maybe by a man-in-the-middle process, grab a URL and use that again later?
2. HTTPS would encrypt the at least the directory and filename in the URL?
3. Could someone grab that encrypted stream of data and reuse it in its encrypted form to download the file anyway?
4. For better security, would I need to use some form of authentication to allow only users of my app to access the server?

My files aren’t particularly secret, but I’m paying for bandwidth and music licensing, and what I have is supposed to be used only in my app.

Anyone have any advice on this or can point me in a direction?

Thanks!

Peter Bogdanoff


More information about the use-livecode mailing list