Solved

VideDisplay and *.flv file secure access

Posted on 2008-10-08
4
591 Views
Last Modified: 2012-05-05
Hi,
In a Flex application I use the VideoDisplay component to dispay videos (*.flv files).
Typically the source property is set to the *.flv file URL, i.e: "http://myserver.com/videos/test.flv" and all work fine. But a user can access video files directly in his browser.
I'm looking for a solution to add security on the video file access (by checking user session ID for example and/or having videos in a folder that is not published).
I try with a PHP file (see code snippet):

But I encountered some problems: video doesn't start fast, there is some big hangs and even the whole application hangs sometimes!

So here are my questions:
- Is it possible to secure access (by session checking for example)?
- Is it possible to store videos in a folder taht is not published on the website (not accessible via web browser)

Thanks in advance!

Note: I don't want to use progressive download (no FMS) and no DRM...
I'm using an Apache server.
header ("Content-transfer-encoding: binary");
header ("Content-Type: video/flv");
header("Content-Disposition: ".$this->contentDisposition."; filename=\"".$this->filename. "." . $this->fileExt . "\"");
header("Content-Length: ".$this->size());
$fp = readfile($this->path, "r");
return $fp;

Open in new window

0
Comment
Question by:KCTeam
  • 2
  • 2
4 Comments
 
LVL 51

Expert Comment

by:ahoffmann
ID: 22676128
> - Is it possible to secure access (by session checking for example)?
yes

> - Is it possible to store videos in a folder taht is not published on the website (not accessible via web browser)
if the video is not published, it is not accessable (except you have a insecure server:), obviously
But what is the question then if you don't publish it?
0
 

Author Comment

by:KCTeam
ID: 22676489
- Is it possible to secure access (by session checking for example)?
yes


How? Ideally, I want to check session in a database but here that is not my problem. My problem is to have the same performances on video display when checking user access as when video url is directly set. In other words: how to publish video in a secure way and don't alter the display...

> - Is it possible to store videos in a folder taht is not published on the website (not accessible via web browser)
if the video is not published, it is not accessable (except you have a insecure server:), obviously
But what is the question then if you don't publish it?

With a PHP script (cf. code snippet) you are able to read files outsite of www folder (at the same level for example). So you could "indirectly" publish files this way but apparently "things" differs from accessing the file directly...
I want to know what these "things" are and how to fix them.

0
 
LVL 51

Assisted Solution

by:ahoffmann
ahoffmann earned 200 total points
ID: 22676569
> .. but apparently "things" differs ..
> I want to know what these "things" ..
ok, following may affect performance:
  1. php runs as module (mod_php) or as executable (suexec or similar)
  2. the folder where the video files reside is not on the same machine
  3. the filesystem with the video folder has some kind of ACLs and/or quotas configured
  4. there is a huge amount of files and the filesystems is not optimized for that
  5. you have huge video files and your php script cannot read streams but needs to blockwise read
  6. slow database access for checking whatever (see below also)
 ...

> Ideally, I want to check session in a database  ..
if peformance is an important criteria, I'd not use a databse for volotile session data
, you better use php's build-in sessions (which uses files in /tmp folder, by default)

> .. same performances ..
keep in mind that using a script wrapper (your php script here) is always slower than streaming directly by the server (see above also)

Conclusion:
  as long as you cannot ensure performance, I'd use the web server's authentication with .htaccess files in the directory for your videos. Configure basic/digest auth in your web server for that directory, and ready you go.
  The performance may suffer here, if you have a huge amount of directories on your server (huge means >> 100).

Hope this helps you to get closer to a solution.

0
 

Accepted Solution

by:
KCTeam earned 0 total points
ID: 22710304
Thanks for your answer.
I think only the item 5. in your list is the source of my problem.
I found a PHP script that limit bandwith and split video in small packets, fixing apparently my problems on video display: http://xmoov.com/xmoov-php/source/
Thanks for your help!
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

First things first - Preparation We need all the part for this install and it's much nicer to have them all on hand when you need them so here's what's required. Download Eclipse 3.5 32 bit (I like the Classic flavour) from here. (http://www.e…
Introduction This article is intended for those who are new to PHP error handling (https://www.experts-exchange.com/articles/11769/And-by-the-way-I-am-New-to-PHP.html).  It addresses one of the most common problems that plague beginning PHP develop…
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question