Jamroom Support: View topic - No protection from favorites downloading?

audiocandy · Beta Team

Curious... was there a fix about for this...

Logged in users... viewing their favorites gets direct access to the files.... skips over your player totally so it's not to hard for a user to snag a file that they shouldn't be.

I know there isn't a system template for the user favorites... so darn if I can figure how to block that access other than eliminating the favorites system totally.

Thanks Kirk!

...Bill

Brian · Jamroom Team

Bill -

the options for streaming/downloading should be the same as they are for anywhere else in Jamroom. I haven't looked a the favorites code in a while, but can check it out and let you know what I see.

Thanks!

- Brian

_________________
Make sure and check out:
* The Jamroom FAQ
* The Jamroom Documentation

KPM · Posted: 01/04/07 15:18

Hi Bill,
In the original player system set this template was over looked. How ever jr_ranking_user_favs_row.tpl was added to the system some time ago. I believe this template should cover this situation.
I have not physicaly tested the favourites system to see what is happening but I'm sure the above file would be the fix.

Hope this helps
regards
Kirk

_________________
ExpressMediaPlayer Helps to prevent theft of your artist's play only video & audio media files from cache's and on board MediaPlayers. Wink

New! Displays Add to Cart Links! JR payments pack required.
http://www.mp3express.com.au/jambeta/

Last edited by KPM on 01/04/07 15:18; edited 1 time in total

audiocandy · Beta Team

Thanks Kirk!

I think the real issue here is, when any user is logged into their admin system, and from there views their favorites... Express Media Player is "missing in action" there.

As there is no template functionality for the display of user favorites from within a users admin system...

I don't see anyway at all for EMP to even function there since there is no template to edit.

Looks like a "hole" in the concept of protected media (which otherwise works great!) Like.... media protected ONLY if user favorites are disabled.

Folks (admins) might wanna know about that, before going all out with hyping the security aspects.

Thanks again!

...Bill

KPM · Posted: 01/04/07 15:38

Thanks for the heads up Bill
I will look into this ... if there are play links there it should be coverable.

Regards
Kirk

_________________
ExpressMediaPlayer Helps to prevent theft of your artist's play only video & audio media files from cache's and on board MediaPlayers. Wink

New! Displays Add to Cart Links! JR payments pack required.
http://www.mp3express.com.au/jambeta/

audiocandy · Beta Team

There is one other similar access point btw... that I forgot to mention...

Any one that operates a JR Radio station (which in many sites can be any user at all)

Has the same option to snag the track as well... as long as they catch on to it.

I'm not sure that much of this is like a real big deal.... but in our case, we are woking with a couple of different lables where I know "security" of a file is of some concern.

So while looking around and testing things out, I bumped into these two places (favorites and radio) where it is an extra simple process to take a song if that user is so inclined. May be other spots... but those two for sure.

...Bill

Jigsaw · Posted: 01/04/07 16:09

WOW!!!! I NEVER thought of this. But, it is NOT GOOD!!!! Plus even when I stream tunes from jam rooms onto my iTunes player, it SHOWS the (.mp3's) link!!!

I deleted the pic. But, even with the streaming function that uses a members player of choice on their machine. They can grab your tunes!

JiGsAw

Last edited by Jigsaw on 01/04/07 16:13; edited 1 time in total

KPM · Posted: 01/04/07 16:10

Hi Bill,
can you post or email me a link regarding more info on the radio scenario are you talking in the admin Bill?

Thanks
Regards
Kirk

_________________
ExpressMediaPlayer Helps to prevent theft of your artist's play only video & audio media files from cache's and on board MediaPlayers. Wink

New! Displays Add to Cart Links! JR payments pack required.
http://www.mp3express.com.au/jambeta/

audiocandy · Beta Team

Sure Kirk!

When a user is using the "modify station" function for their JR Radio station, they can use the JR pop-up song browser to add / delete songs from their station.

They can also preview them... which again skips over EMP and opens the song for listening with WMP etc. and doing with them what they will.

...Bill

KPM · Posted: 01/04/07 16:20

Thanks Bill Smile

No problem Jigsaw i'm looking into it Wink

Note: Folks I have a report a bug or issues forum at my own player boards site which you will find here http://www.mp3express.com.au/phpBB2/viewforum.php?f=23

If your bugs and issues could be reported there in future it would be appreciated Smile

We will continue with this post through to it's conclusion but if anyone finds any other bugs or issues please report them to me via my bug and issues forum.
When and if I can fix these issues all my members will get a free upgrade

Hope this helps

Thanks Guys Wink

Regards
Kirk

_________________
ExpressMediaPlayer Helps to prevent theft of your artist's play only video & audio media files from cache's and on board MediaPlayers. Wink

New! Displays Add to Cart Links! JR payments pack required.
http://www.mp3express.com.au/jambeta/

audiocandy · Beta Team

Jigsaw... thats why you might want a player with some security (or at least some deterent factor built into it)

Express Media Player (For our Pal Kirk here) or a flash player like the one built in some Jamroom themes. Those are extra cool as well.

Nothing is perfect, but those are a REAL good start Wink

If people can hear it, the can always take it no matter what you do.... us... we just don't want to make it like extra easy to do so Wink

The other alternative is of course, DRM (digital rights management) icky!

..Bill

Last edited by audiocandy on 01/04/07 16:24; edited 1 time in total

Brian · Jamroom Team

Thanks for the report Bill - I'll check out the code there as well and make sure Jamroom is checking everything it needs to check.

Thanks!

- Brian

_________________
Make sure and check out:
* The Jamroom FAQ
* The Jamroom Documentation

audiocandy · Beta Team

Might check the playlists (on user pages) for their stations. Might be the same thing there. I long ago customized those on our site to disable listening from the list at all. I don't remember if those open outside default players or not.

Yea Kirk.. I prob should have posted this over on your site. Guess it was a toss up.. at least in my own feeble mind.... jr issue vs. emp issue. I guess I was already posting stuff here and it just fell out Wink

BIG THANKS for looking into this you guys!!! Like I said.. not a REALLY big issue... just one to put an eyeball on. I think most folks when they become a sort of, happy user on your site (an insider if you will) are not likely at all you abuse these little access points.

...Bill

Brian · Jamroom Team

Note that all plays in Jamroom go through play.php, so there's no worries there from the perspective that a "visitor" could stream a song even if the quota doesn't allow it. The only fixes I see are that if a user selects a song to NOT be streamable, then currently it is still streamable from the radio song selector and favorites, which I'll get fixed here for 3.0.25.

Hope this helps!

- Brian

_________________
Make sure and check out:
* The Jamroom FAQ
* The Jamroom Documentation

Brian · Jamroom Team

Actually, on second check here, there's no issue in Jamroom, since the stream.php script checks to ensure the file is allowed for streaming, otherwise it exits.

The only problem I see is that the play button still shows in the favorites, even though it can't actually be played.

Hope this helps!

- Brian

_________________
Make sure and check out:
* The Jamroom FAQ
* The Jamroom Documentation