I know this is a bit contradicting seeing as the browser would have to download the font to render it but I was wondering if there is a way to host it where that it cannot be directly downloaded (or cached onto a user’s computer for that matter).
A solution I came up with was to make a PHP script that hashes the current time to the second (adding a salt). If a particular variable in the GET request matches this hash then it will send out the header for the font’s MIME type and then output the contents of the font file.
Then I would recreate the hash in the stylesheet and concatentate strings where that it would be a valid request to the PHP script.
That’s the basic idea. I had it working. But there were two flaws in this:
- If the browser requests the font on a different second, the PHP script would fail to match the hashes up, therefore, would output nothing thus the font would be the backup font (or the default font if none were provided)
- If someone were quick enough, he/she could still download the font directly if he/she requested it on the same second (granted this would probably have to be a script that would do this.
Also does the browser cache the font anywhere (not that the caching would help since the hash in the URI would practically always be different).
EDIT: Are there any $_SERVER variables that I could utilize?
As the other answers say, it’s very difficult (impossible) against someone that really wants to download it. There is pretty much always a way. However, to give you some ideas, this article describes how Typekit handles the problem.