KCTeam
asked on
VideDisplay and *.flv file secure access
Hi,
In a Flex application I use the VideoDisplay component to dispay videos (*.flv files).
Typically the source property is set to the *.flv file URL, i.e: "http://myserver.com/videos/test.flv" and all work fine. But a user can access video files directly in his browser.
I'm looking for a solution to add security on the video file access (by checking user session ID for example and/or having videos in a folder that is not published).
I try with a PHP file (see code snippet):
But I encountered some problems: video doesn't start fast, there is some big hangs and even the whole application hangs sometimes!
So here are my questions:
- Is it possible to secure access (by session checking for example)?
- Is it possible to store videos in a folder taht is not published on the website (not accessible via web browser)
Thanks in advance!
Note: I don't want to use progressive download (no FMS) and no DRM...
I'm using an Apache server.
In a Flex application I use the VideoDisplay component to dispay videos (*.flv files).
Typically the source property is set to the *.flv file URL, i.e: "http://myserver.com/videos/test.flv" and all work fine. But a user can access video files directly in his browser.
I'm looking for a solution to add security on the video file access (by checking user session ID for example and/or having videos in a folder that is not published).
I try with a PHP file (see code snippet):
But I encountered some problems: video doesn't start fast, there is some big hangs and even the whole application hangs sometimes!
So here are my questions:
- Is it possible to secure access (by session checking for example)?
- Is it possible to store videos in a folder taht is not published on the website (not accessible via web browser)
Thanks in advance!
Note: I don't want to use progressive download (no FMS) and no DRM...
I'm using an Apache server.
header ("Content-transfer-encoding: binary");
header ("Content-Type: video/flv");
header("Content-Disposition: ".$this->contentDisposition."; filename=\"".$this->filename. "." . $this->fileExt . "\"");
header("Content-Length: ".$this->size());
$fp = readfile($this->path, "r");
return $fp;
ASKER
- Is it possible to secure access (by session checking for example)?
yes
How? Ideally, I want to check session in a database but here that is not my problem. My problem is to have the same performances on video display when checking user access as when video url is directly set. In other words: how to publish video in a secure way and don't alter the display...
> - Is it possible to store videos in a folder taht is not published on the website (not accessible via web browser)
if the video is not published, it is not accessable (except you have a insecure server:), obviously
But what is the question then if you don't publish it?
With a PHP script (cf. code snippet) you are able to read files outsite of www folder (at the same level for example). So you could "indirectly" publish files this way but apparently "things" differs from accessing the file directly...
I want to know what these "things" are and how to fix them.
yes
How? Ideally, I want to check session in a database but here that is not my problem. My problem is to have the same performances on video display when checking user access as when video url is directly set. In other words: how to publish video in a secure way and don't alter the display...
> - Is it possible to store videos in a folder taht is not published on the website (not accessible via web browser)
if the video is not published, it is not accessable (except you have a insecure server:), obviously
But what is the question then if you don't publish it?
With a PHP script (cf. code snippet) you are able to read files outsite of www folder (at the same level for example). So you could "indirectly" publish files this way but apparently "things" differs from accessing the file directly...
I want to know what these "things" are and how to fix them.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
yes
> - Is it possible to store videos in a folder taht is not published on the website (not accessible via web browser)
if the video is not published, it is not accessable (except you have a insecure server:), obviously
But what is the question then if you don't publish it?