128 bitrate?
Amazon access key
Expires ??
No idea what gda is.
Also their signature.
This is security 101 right? Or is this normal for a service of this kind? Also are they officially using the Soundcloud API? if yes, is this one of the responses of the API?
Only way to really hide the info would be to really stream all content through their box. Then they just could host it themselves in the first place...
A lot of these services can be gamed and all the songs can be downloaded. You can easily download every song from turntable.fm as well, its not rocket science. Open up the Chrome developer console and look at the network tab...
We are working on securing/masking the url, but at the end of the day, Console.fm is not a true stream, so we cannot securely give the user the song with out the soundcloud .mp3
Please voice any advice you have on this issue or help out, open to suggestions as to we are looking into a proper fix right now.
If a sound (like a stream) is playing on your computer, it can be ripped directly from the playback device. I've done it in the past with complete preservation of the sound's fidelity, but I suppose it might not always be possible.
It's much easier than that, just take any song link that's not playing and open in a new tab, or just choose "Save link as...", works in Google Chrome. :)
I thought they were going to get around this by using a hidden flash player but most reports I've seen says it's going to be pure HTML5. I wouldn't put it past tech writers to get something wrong but if it is as they say and is pure HTML5, then yes it could be done.
If you find a "hack" like this on a music website, keep it to your self. If you post about it, they'll try to fix it or obscure it but who knows if some guy at soundcloud will revoke their api key first or some major label dick will initiate legal proceedings forthwith. And then you've just kicked your favorite music site in the nuts, congratulations.
By the way, if you can stream it, you can download it, on any service. One-time use streaming keys are no defense against right clicking. It's just a matter of how much patience you have to expose the underlying URL.
Sure, like he said with enough patience you can. For instance if could write a custom audio driver in linux that dumps the bits to a file and then encode that.
http://ak-media.soundcloud.com/xpO4gBZA21w4.128.mp3?AWSAcces...
128 bitrate? Amazon access key Expires ?? No idea what gda is. Also their signature.
This is security 101 right? Or is this normal for a service of this kind? Also are they officially using the Soundcloud API? if yes, is this one of the responses of the API?