|
| PORTAIL | ANNUAIRE | ARTICLES | COMPARATEUR HÉBERGEURS | DEVIS | FORUMS | RÉDUCTEUR D'URL |
|
|
|
|
||||||
 |
|
|
LinkBack | Outils de la discussion |
04/01/2008, 18h08
|
#1 |
Messages: n/a
Hébergeur: |
Re: [PHP] How to secure Flash Video?
On Jan 4, 2008 12:58 PM, tedd <tedd.sperling@gmail.com> wrote:
> Hi gang: > > Here's the problem. > > I have a client who has Flash Videos and wishes to rent these Videos > out for a certain time period. (No, it's not porn -- shame on you). I stopped reading at this point, due to lack of interest. Then I started again. > However, once the user is provided with a url where the Flash Video > resides, then the user can view the video remotely by just creating a > page that references that url -- that's easy to do. > > Now, how can I stop that from happening? You could do link expirations with an auto-generated URL to mask the actual location, or could even create a dynamic symlink or copy on the server itself. Have it expire and regenerate a new link every 15 minutes. To stop people from remotely-linking the video, disable hotlinking of that file (or type) in Apache. -- Daniel P. Brown [Phone Numbers Go Here!] [They're Hidden From View!] If at first you don't succeed, stick to what you know best so that you can make enough money to pay someone else to do it for you. |
|
|
04/01/2008, 18h30
|
#2 |
|
Messages: n/a
Hébergeur: |
Re: [PHP] How to secure Flash Video?
At 1:08 PM -0500 1/4/08, Daniel Brown wrote:
>On Jan 4, 2008 12:58 PM, tedd <tedd.sperling@gmail.com> wrote: > > Now, how can I stop that from happening? > > You could do link expirations with an auto-generated URL to mask >the actual location, or could even create a dynamic symlink or copy on >the server itself. Have it expire and regenerate a new link every 15 >minutes. ??? You lost me at "You could do.." You have an example? Cheers, tedd -- ------- http://sperling.com http://ancientstones.com http://earthstones.com |
|
|
|
04/01/2008, 18h54
|
#3 |
|
Messages: n/a
Hébergeur: |
Re: [PHP] How to secure Flash Video?
On Jan 4, 2008 1:30 PM, tedd <tedd.sperling@gmail.com> wrote:
> At 1:08 PM -0500 1/4/08, Daniel Brown wrote: > >On Jan 4, 2008 12:58 PM, tedd <tedd.sperling@gmail.com> wrote: > > > Now, how can I stop that from happening? > > > > You could do link expirations with an auto-generated URL to mask > >the actual location, or could even create a dynamic symlink or copy on > >the server itself. Have it expire and regenerate a new link every 15 > >minutes. > > ??? > > You lost me at "You could do.." > > You have an example? Not really, but I do have theory in explanation: 1.) Links are generated to the videos based on a cron that runs every 15 minutes. The links can either be generated for each individual, or can be generated for the server as a whole. While the former is more secure, the latter is much more prudent and takes far less resources. Chances are, a global re-address should suffice. 2.) The generated links are stored in a database, and are called when a page loads. See the postscript for one possible point of interest related to this. 3.) The user clicks the generated link, which is a mask to the actual file. The user does not see the actual file, however, as this is where Rob's idea of flushing the file through the buffer comes into play. The file is `read` through the buffer to the client. ALTERNATIVE 1: The cron can create symlinks on the server to the original files to be used either under the user's directory (to which they, and only they, have access), or done globally. ALTERNATIVE 2: Physically copy the files into the user directory, and have them renamed or removed from the directory on a schedule. This will allow you to halt access should the files be hotlinked. Conversely, you can do what I've done over the years: when you detect that someone is displaying an image on their page that resides on your server, eating your bandwidth, you replace it with something undesirable. For example, I had a wannabe tough-guy on MySpace displaying a graphic from one of my sites (militaria) on his profile. It was a rather large graphic that was sucking down about 50MB per day. I replaced it with a cute graphic announcing how much he enjoyed Pokemon, and the linking stopped within about 48 hours. So there are plenty of viable methods.... choosing which works best in your situation is the key. P.S. - In Step 2, keep in mind that, if a page is loaded and a link not clicked prior to the next run of the cron (and subsequent generation of links for the client to receive), the links will cause 404 errors. One solution would be to maintain a key in the database, with one or two rows of previously-generated links. This will allow a minimum of 16 minutes (on two rows) to a maximum of 44 minutes (on three rows). The $_SESSION['key'] (or ?key=xxxx) variable is looked up in the database when the link is clicked, and PHP determines how to translate the link. If it's not found, the session has been active and idle for too long, and times out. This is another recommended layer of security for any user area, of course, because there should be no Good Reason[tm] that anyone would be staring blankly at a page for 44 minutes. If they simply forgot about the session, then they can suffer the consequences and take the 30 seconds (or less) required to log in again. -- Daniel P. Brown [Phone Numbers Go Here!] [They're Hidden From View!] If at first you don't succeed, stick to what you know best so that you can make enough money to pay someone else to do it for you. |
|
|
|
| Outils de la discussion | |
|
|
