Solved

VideDisplay and *.flv file secure access

Posted on 2008-10-08
4
600 Views
Last Modified: 2012-05-05
Hi,
In a Flex application I use the VideoDisplay component to dispay videos (*.flv files).
Typically the source property is set to the *.flv file URL, i.e: "http://myserver.com/videos/test.flv" and all work fine. But a user can access video files directly in his browser.
I'm looking for a solution to add security on the video file access (by checking user session ID for example and/or having videos in a folder that is not published).
I try with a PHP file (see code snippet):

But I encountered some problems: video doesn't start fast, there is some big hangs and even the whole application hangs sometimes!

So here are my questions:
- Is it possible to secure access (by session checking for example)?
- Is it possible to store videos in a folder taht is not published on the website (not accessible via web browser)

Thanks in advance!

Note: I don't want to use progressive download (no FMS) and no DRM...
I'm using an Apache server.
header ("Content-transfer-encoding: binary");
header ("Content-Type: video/flv");
header("Content-Disposition: ".$this->contentDisposition."; filename=\"".$this->filename. "." . $this->fileExt . "\"");
header("Content-Length: ".$this->size());
$fp = readfile($this->path, "r");
return $fp;

Open in new window

0
Comment
Question by:KCTeam
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 51

Expert Comment

by:ahoffmann
ID: 22676128
> - Is it possible to secure access (by session checking for example)?
yes

> - Is it possible to store videos in a folder taht is not published on the website (not accessible via web browser)
if the video is not published, it is not accessable (except you have a insecure server:), obviously
But what is the question then if you don't publish it?
0
 

Author Comment

by:KCTeam
ID: 22676489
- Is it possible to secure access (by session checking for example)?
yes


How? Ideally, I want to check session in a database but here that is not my problem. My problem is to have the same performances on video display when checking user access as when video url is directly set. In other words: how to publish video in a secure way and don't alter the display...

> - Is it possible to store videos in a folder taht is not published on the website (not accessible via web browser)
if the video is not published, it is not accessable (except you have a insecure server:), obviously
But what is the question then if you don't publish it?

With a PHP script (cf. code snippet) you are able to read files outsite of www folder (at the same level for example). So you could "indirectly" publish files this way but apparently "things" differs from accessing the file directly...
I want to know what these "things" are and how to fix them.

0
 
LVL 51

Assisted Solution

by:ahoffmann
ahoffmann earned 200 total points
ID: 22676569
> .. but apparently "things" differs ..
> I want to know what these "things" ..
ok, following may affect performance:
  1. php runs as module (mod_php) or as executable (suexec or similar)
  2. the folder where the video files reside is not on the same machine
  3. the filesystem with the video folder has some kind of ACLs and/or quotas configured
  4. there is a huge amount of files and the filesystems is not optimized for that
  5. you have huge video files and your php script cannot read streams but needs to blockwise read
  6. slow database access for checking whatever (see below also)
 ...

> Ideally, I want to check session in a database  ..
if peformance is an important criteria, I'd not use a databse for volotile session data
, you better use php's build-in sessions (which uses files in /tmp folder, by default)

> .. same performances ..
keep in mind that using a script wrapper (your php script here) is always slower than streaming directly by the server (see above also)

Conclusion:
  as long as you cannot ensure performance, I'd use the web server's authentication with .htaccess files in the directory for your videos. Configure basic/digest auth in your web server for that directory, and ready you go.
  The performance may suffer here, if you have a huge amount of directories on your server (huge means >> 100).

Hope this helps you to get closer to a solution.

0
 

Accepted Solution

by:
KCTeam earned 0 total points
ID: 22710304
Thanks for your answer.
I think only the item 5. in your list is the source of my problem.
I found a PHP script that limit bandwith and split video in small packets, fixing apparently my problems on video display: http://xmoov.com/xmoov-php/source/
Thanks for your help!
0

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Forward apache log to Syslog-NG 7 137
Multiple SSL sites on one IP? 3 69
PHP Upload using Uploadify 4 127
Apache LDAP Authentication 20 72
As Wikipedia explains 'robots.txt' as -- the robot exclusion standard, also known as the Robots Exclusion Protocol or robots.txt protocol, is a convention to prevent cooperating web spiders and other web robots from accessing all or part of a websit…
Over the last year I have answered a couple of basic URL rewriting questions several times so I thought I might as well have a stab at: explaining the basics, providing a few useful links and consolidating some of the most common queries into a sing…
Finding and deleting duplicate (picture) files can be a time consuming task. My wife and I, our three kids and their families all share one dilemma: Managing our pictures. Between desktops, laptops, phones, tablets, and cameras; over the last decade…
Suggested Courses

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question