Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 633
  • Last Modified:

VideDisplay and *.flv file secure access

Hi,
In a Flex application I use the VideoDisplay component to dispay videos (*.flv files).
Typically the source property is set to the *.flv file URL, i.e: "http://myserver.com/videos/test.flv" and all work fine. But a user can access video files directly in his browser.
I'm looking for a solution to add security on the video file access (by checking user session ID for example and/or having videos in a folder that is not published).
I try with a PHP file (see code snippet):

But I encountered some problems: video doesn't start fast, there is some big hangs and even the whole application hangs sometimes!

So here are my questions:
- Is it possible to secure access (by session checking for example)?
- Is it possible to store videos in a folder taht is not published on the website (not accessible via web browser)

Thanks in advance!

Note: I don't want to use progressive download (no FMS) and no DRM...
I'm using an Apache server.
header ("Content-transfer-encoding: binary");
header ("Content-Type: video/flv");
header("Content-Disposition: ".$this->contentDisposition."; filename=\"".$this->filename. "." . $this->fileExt . "\"");
header("Content-Length: ".$this->size());
$fp = readfile($this->path, "r");
return $fp;

Open in new window

0
KCTeam
Asked:
KCTeam
  • 2
  • 2
2 Solutions
 
ahoffmannCommented:
> - Is it possible to secure access (by session checking for example)?
yes

> - Is it possible to store videos in a folder taht is not published on the website (not accessible via web browser)
if the video is not published, it is not accessable (except you have a insecure server:), obviously
But what is the question then if you don't publish it?
0
 
KCTeamAuthor Commented:
- Is it possible to secure access (by session checking for example)?
yes


How? Ideally, I want to check session in a database but here that is not my problem. My problem is to have the same performances on video display when checking user access as when video url is directly set. In other words: how to publish video in a secure way and don't alter the display...

> - Is it possible to store videos in a folder taht is not published on the website (not accessible via web browser)
if the video is not published, it is not accessable (except you have a insecure server:), obviously
But what is the question then if you don't publish it?

With a PHP script (cf. code snippet) you are able to read files outsite of www folder (at the same level for example). So you could "indirectly" publish files this way but apparently "things" differs from accessing the file directly...
I want to know what these "things" are and how to fix them.

0
 
ahoffmannCommented:
> .. but apparently "things" differs ..
> I want to know what these "things" ..
ok, following may affect performance:
  1. php runs as module (mod_php) or as executable (suexec or similar)
  2. the folder where the video files reside is not on the same machine
  3. the filesystem with the video folder has some kind of ACLs and/or quotas configured
  4. there is a huge amount of files and the filesystems is not optimized for that
  5. you have huge video files and your php script cannot read streams but needs to blockwise read
  6. slow database access for checking whatever (see below also)
 ...

> Ideally, I want to check session in a database  ..
if peformance is an important criteria, I'd not use a databse for volotile session data
, you better use php's build-in sessions (which uses files in /tmp folder, by default)

> .. same performances ..
keep in mind that using a script wrapper (your php script here) is always slower than streaming directly by the server (see above also)

Conclusion:
  as long as you cannot ensure performance, I'd use the web server's authentication with .htaccess files in the directory for your videos. Configure basic/digest auth in your web server for that directory, and ready you go.
  The performance may suffer here, if you have a huge amount of directories on your server (huge means >> 100).

Hope this helps you to get closer to a solution.

0
 
KCTeamAuthor Commented:
Thanks for your answer.
I think only the item 5. in your list is the source of my problem.
I found a PHP script that limit bandwith and split video in small packets, fixing apparently my problems on video display: http://xmoov.com/xmoov-php/source/
Thanks for your help!
0

Featured Post

Get your Disaster Recovery as a Service basics

Disaster Recovery as a Service is one go-to solution that revolutionizes DR planning. Implementing DRaaS could be an efficient process, easily accessible to non-DR experts. Learn about monitoring, testing, executing failovers and failbacks to ensure a "healthy" DR environment.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now