It would be great if an IP restriction for Secure Tokens would also be possible. We can see in our logs that there are downloads for our paid content for someone who isn’t logged into for downloading, which can only mean that a customer is sharing links with friends.
If course, let’s not pretend that piracy doesn’t exist, and let’s not pretend he couldn’t just send the files to his friend. But still, you can grab the links from our site, post them in a piracy forum, and then thousands of pirates get free, premium downloads of our paid content if they act before expiration. And since the files are large, expiration is not immediate.
We had an IP restriction when we hosted paid downloads with Amazon, and the lack of this with KeyCDN was a fear that we eventually rationalized. But it appears that it is really a problem.
This should be extremely simple to implement. The IP would just go in the URL, and then MD5 would sign it as usual.
On that note, are you happy with MD5 as a signing algorithm? Isn’t that considered inadequate?