Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

VideDisplay and *.flv file secure access

Posted on 2008-10-08
4
Medium Priority
?
625 Views
Last Modified: 2012-05-05
Hi,
In a Flex application I use the VideoDisplay component to dispay videos (*.flv files).
Typically the source property is set to the *.flv file URL, i.e: "http://myserver.com/videos/test.flv" and all work fine. But a user can access video files directly in his browser.
I'm looking for a solution to add security on the video file access (by checking user session ID for example and/or having videos in a folder that is not published).
I try with a PHP file (see code snippet):

But I encountered some problems: video doesn't start fast, there is some big hangs and even the whole application hangs sometimes!

So here are my questions:
- Is it possible to secure access (by session checking for example)?
- Is it possible to store videos in a folder taht is not published on the website (not accessible via web browser)

Thanks in advance!

Note: I don't want to use progressive download (no FMS) and no DRM...
I'm using an Apache server.
header ("Content-transfer-encoding: binary");
header ("Content-Type: video/flv");
header("Content-Disposition: ".$this->contentDisposition."; filename=\"".$this->filename. "." . $this->fileExt . "\"");
header("Content-Length: ".$this->size());
$fp = readfile($this->path, "r");
return $fp;

Open in new window

0
Comment
Question by:KCTeam
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 51

Expert Comment

by:ahoffmann
ID: 22676128
> - Is it possible to secure access (by session checking for example)?
yes

> - Is it possible to store videos in a folder taht is not published on the website (not accessible via web browser)
if the video is not published, it is not accessable (except you have a insecure server:), obviously
But what is the question then if you don't publish it?
0
 

Author Comment

by:KCTeam
ID: 22676489
- Is it possible to secure access (by session checking for example)?
yes


How? Ideally, I want to check session in a database but here that is not my problem. My problem is to have the same performances on video display when checking user access as when video url is directly set. In other words: how to publish video in a secure way and don't alter the display...

> - Is it possible to store videos in a folder taht is not published on the website (not accessible via web browser)
if the video is not published, it is not accessable (except you have a insecure server:), obviously
But what is the question then if you don't publish it?

With a PHP script (cf. code snippet) you are able to read files outsite of www folder (at the same level for example). So you could "indirectly" publish files this way but apparently "things" differs from accessing the file directly...
I want to know what these "things" are and how to fix them.

0
 
LVL 51

Assisted Solution

by:ahoffmann
ahoffmann earned 800 total points
ID: 22676569
> .. but apparently "things" differs ..
> I want to know what these "things" ..
ok, following may affect performance:
  1. php runs as module (mod_php) or as executable (suexec or similar)
  2. the folder where the video files reside is not on the same machine
  3. the filesystem with the video folder has some kind of ACLs and/or quotas configured
  4. there is a huge amount of files and the filesystems is not optimized for that
  5. you have huge video files and your php script cannot read streams but needs to blockwise read
  6. slow database access for checking whatever (see below also)
 ...

> Ideally, I want to check session in a database  ..
if peformance is an important criteria, I'd not use a databse for volotile session data
, you better use php's build-in sessions (which uses files in /tmp folder, by default)

> .. same performances ..
keep in mind that using a script wrapper (your php script here) is always slower than streaming directly by the server (see above also)

Conclusion:
  as long as you cannot ensure performance, I'd use the web server's authentication with .htaccess files in the directory for your videos. Configure basic/digest auth in your web server for that directory, and ready you go.
  The performance may suffer here, if you have a huge amount of directories on your server (huge means >> 100).

Hope this helps you to get closer to a solution.

0
 

Accepted Solution

by:
KCTeam earned 0 total points
ID: 22710304
Thanks for your answer.
I think only the item 5. in your list is the source of my problem.
I found a PHP script that limit bandwith and split video in small packets, fixing apparently my problems on video display: http://xmoov.com/xmoov-php/source/
Thanks for your help!
0

Featured Post

[Webinar] Lessons on Recovering from Petya

Skyport is working hard to help customers recover from recent attacks, like the Petya worm. This work has brought to light some important lessons. New malware attacks like this can take down your entire environment. Learn from others mistakes on how to prevent Petya like worms.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you've heard about htaccess and it sounds like it does what you want, but you're not sure how it works... well, you're in the right place. Read on. Some Basics #1. It's a file and its filename is .htaccess (yes, with a dot in the front). #…
If you are a web developer, you would be aware of the <iframe> tag in HTML. The <iframe> stands for inline frame and is used to embed another document within the current HTML document. The embedded document could be even another website.
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…
This tutorial will teach you the special effect of super speed similar to the fictional character Wally West aka "The Flash" After Shake : http://www.videocopilot.net/presets/after_shake/ All lightning effects with instructions : http://www.mediaf…
Suggested Courses

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question