Symphony.

I would like to include an HTML5 audio player (jplayer.org) on the homepage of a website that would play entire songs but I'd also like to prevent visitors from downloading the song on their computer. Is this possible? Is there a Symphony plugin that would do that?

There is a Private Upload extension, but I found that it isn't necessary if you are able to use the default Upload field extension and include an .htaccess file on the upload directory.

Thanks @bauhouse. What would I have to write in the .htaccess file?

I should add that while these extensions might allow storage outside of your web root, if you're serving an audio file to a user through an HTML5 audio player, then they will be able to download the asset regardless of where it lives. If you need to control access completely, you'll need an alternative delivery such as Flash or SIlverlight, and probably some horrible DRM, which can mask the file entirely.

(You can rip MP3s from MySpace even when the "Download" option is disabled, if you know where to look.)

Obfuscation of the file path is probably your only option. If you're trying to prevent users downloading the file, is this because there are legal/rights issues over distributing the files?

Thank you Nick. I think you're right but for what I need @bauhouse's solution might work.

I'm creating websites for musicians. The idea is to offer songs to be listened for free on the website but the visitors to be prevented from downloading them. They could buy the songs instead if they want access offline and also better sound quality.

I would like these files to be accessible on any platform, but especially iphone and ipad. I'm using jplayer and it's very good for that. So only a flash solution wouldn't work for me.

I'm sure that someone who has enough knowledge about file access on the internet would be able to override my .htacess file but most of the people who will come to the website won't have those skills. And anyone who does have them couldn't be bothered the hassle.

I've tried this code in the .htaccess file

order deny,allow
deny from all
allow from localhost
IndexIgnore .htaccess

but I can still have access to the .mp3 file by typing a link like this into the browser http://localhost/poetry/workspace/uploads/audio/juramant-sample.mp3

@ovidiust: the problem I think Nick is adressing is that the JPlayer javascript library will need client access. So limiting access to localhost will not work, because then the user will not be able to access the file remotely.

So there is no sense in doing allow / deny configuration. The only thing you can do is obfuscating the path: rewrite some bogus path like http://host/asdljasglkhkhopahsgioha9opsg/file.mp3 to /workspace/files/file.mp3. That way people will not quess the path.

However, using firebug or other dev tools will allow users to find the file and download it anyway.

Thank you Remie. You're right. I hardly knew anything about .htaccess until yesterday when I did a little bit of research on the Internet. I naively believed that .htaccess could solve my problem. I was hoping there is a way in which I can allow access to the .mp3 file if it's called from, say, the homepage but restrict if the file were accessed by typing the address in the browser. I'll just advise my customers to put only samples on their websites rather than entire songs.