Solved

VideDisplay and *.flv file secure access

Posted on 2008-10-08
4
583 Views
Last Modified: 2012-05-05
Hi,
In a Flex application I use the VideoDisplay component to dispay videos (*.flv files).
Typically the source property is set to the *.flv file URL, i.e: "http://myserver.com/videos/test.flv" and all work fine. But a user can access video files directly in his browser.
I'm looking for a solution to add security on the video file access (by checking user session ID for example and/or having videos in a folder that is not published).
I try with a PHP file (see code snippet):

But I encountered some problems: video doesn't start fast, there is some big hangs and even the whole application hangs sometimes!

So here are my questions:
- Is it possible to secure access (by session checking for example)?
- Is it possible to store videos in a folder taht is not published on the website (not accessible via web browser)

Thanks in advance!

Note: I don't want to use progressive download (no FMS) and no DRM...
I'm using an Apache server.
header ("Content-transfer-encoding: binary");

header ("Content-Type: video/flv");

header("Content-Disposition: ".$this->contentDisposition."; filename=\"".$this->filename. "." . $this->fileExt . "\"");

header("Content-Length: ".$this->size());

$fp = readfile($this->path, "r");

return $fp;

Open in new window

0
Comment
Question by:KCTeam
  • 2
  • 2
4 Comments
 
LVL 51

Expert Comment

by:ahoffmann
ID: 22676128
> - Is it possible to secure access (by session checking for example)?
yes

> - Is it possible to store videos in a folder taht is not published on the website (not accessible via web browser)
if the video is not published, it is not accessable (except you have a insecure server:), obviously
But what is the question then if you don't publish it?
0
 

Author Comment

by:KCTeam
ID: 22676489
- Is it possible to secure access (by session checking for example)?
yes


How? Ideally, I want to check session in a database but here that is not my problem. My problem is to have the same performances on video display when checking user access as when video url is directly set. In other words: how to publish video in a secure way and don't alter the display...

> - Is it possible to store videos in a folder taht is not published on the website (not accessible via web browser)
if the video is not published, it is not accessable (except you have a insecure server:), obviously
But what is the question then if you don't publish it?

With a PHP script (cf. code snippet) you are able to read files outsite of www folder (at the same level for example). So you could "indirectly" publish files this way but apparently "things" differs from accessing the file directly...
I want to know what these "things" are and how to fix them.

0
 
LVL 51

Assisted Solution

by:ahoffmann
ahoffmann earned 200 total points
ID: 22676569
> .. but apparently "things" differs ..
> I want to know what these "things" ..
ok, following may affect performance:
  1. php runs as module (mod_php) or as executable (suexec or similar)
  2. the folder where the video files reside is not on the same machine
  3. the filesystem with the video folder has some kind of ACLs and/or quotas configured
  4. there is a huge amount of files and the filesystems is not optimized for that
  5. you have huge video files and your php script cannot read streams but needs to blockwise read
  6. slow database access for checking whatever (see below also)
 ...

> Ideally, I want to check session in a database  ..
if peformance is an important criteria, I'd not use a databse for volotile session data
, you better use php's build-in sessions (which uses files in /tmp folder, by default)

> .. same performances ..
keep in mind that using a script wrapper (your php script here) is always slower than streaming directly by the server (see above also)

Conclusion:
  as long as you cannot ensure performance, I'd use the web server's authentication with .htaccess files in the directory for your videos. Configure basic/digest auth in your web server for that directory, and ready you go.
  The performance may suffer here, if you have a huge amount of directories on your server (huge means >> 100).

Hope this helps you to get closer to a solution.

0
 

Accepted Solution

by:
KCTeam earned 0 total points
ID: 22710304
Thanks for your answer.
I think only the item 5. in your list is the source of my problem.
I found a PHP script that limit bandwith and split video in small packets, fixing apparently my problems on video display: http://xmoov.com/xmoov-php/source/
Thanks for your help!
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you are running a LAMP infrastructure, this little code snippet is very helpful if you are serving lots of HTML, JavaScript and CSS-related information. The mod_deflate module, which is part of the Apache 2.2 application, provides the DEFLATE…
In Solr 4.0 it is possible to atomically (or partially) update individual fields in a document. This article will show the operations possible for atomic updating as well as setting up your Solr instance to be able to perform the actions. One major …
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Hi friends,  in this video  I'll show you how new windows 10 user can learn the using of windows 10. Thank you.

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now