Securing files from direct download

I'm going to be creating a site which allows users to listen to music, in PHP5 and MySQL. One of my main concerns is users being able to download audio or video files without me giving them access to. For example, there is a plugin for firefox which gives you the ability to download any media which is currently playing in the browser. So I can go to youtube, watch a video, and download the video to my computer while its playing. Is there any way to prevent this?

I only want users to be able to download media if I make it available to them. Can I store the media files in a directory which has no access at all, and still access those files in my application? Would that solve my problem? Would it be better if I stored the files in the database (binary)? Is it actually possible to do what I'm trying to do?

Thanks.

i don't think there's a way to let people view something but not "download it". Just by viewing it, they are downloading it. I could be wrong about this...

Really, I'm just trying to prevent folks from being able to save the media files to their computer......if possible.

that's called downloading ;) see above

Alright well, you said you could be wrong.....so can somebody prove him wrong?

What you’re looking for is some kinda anti-leech system. what it does is mealy mask the true address of the media files. Although, for a smart programmer this type of security wouldn't be enough to shop them from finding the true address.

he is exactly right, you can't have streaming media without some way for them to download it. when they stream it, it is actually downloading (buffering) to the computer in the cache. not hard for someone to save it by viewing the source of the page and getting the filename. then it is an easy download from there.

you might try some sort of php passthrough system. kinda like you said, .htaccess deny from all (or whatever it is) in the media directory then use a php script to access the file called by an id number. you could use sessions, like when they access the media page write a timestamp to sessions along with the file id. in the php passthrough script check to see if the session is set and is not over x seconds. if that time has passed, don't allow the file to be loaded. if you set it to like 5 seconds, they would have to reload the page and start the download within 5 seconds. problem is that if it is too low, the plugin will time out on slower connections/computers. also if there is an extention that gets the cached filename, you could just copy the cached file and rename it.

the only other option I might suggest is to have a low quality version for streaming and allow for them to download a high quality version.