On 12/14/06, Alex Thurlow <[EMAIL PROTECTED]> wrote: > I'm not sure if this is the right place to ask, but I thought some > people here might have some knowledge on the subject and could at least > tell me if it was possible. > > I am a web publisher who does VOD music videos. Because of label > agreements, I can't let people download the videos, just stream them. I > know that by streaming to them, I can't stop them from getting the > video, but I need to make it inconvenient. We've traditionally used > Windows Media and Real, which are true streaming and make it hard to save. > The wave of the future is flash though. We're rolling it out, but > unfortunately, Red5 is not quite ready for what we need. We push about > 500 simultaneous 700k video streams at any given time, and red5 can't > quite keep up yet. > So we're just using progressive download with lighttpd right now. > The problem is, no matter how we even try to hid the playlist and > filename, the file just ends up in the user's browser cache if they know > where to look.
You probably should look into using a CDN for the file serving for this kind of app. It's a pain in the ass to do it properly yourself... > Basically, the idea I had was to use some sort of stream cipher on > the video. I could pre-encode them, and then serve them to the player. > Would it be possible, in flash, to have the player run that cipher back > over the video before playing? That way, without a lot of work, the > videos wouldn't play outside my player. It wouldn't necessarily need to > be real encryption either. If some sort of bit-shift or bit-mask would > be possible, that would work too. > > I know it's sort of a dumb problem, but with the legal landscape the way > it is these days, I need to try to solve this. Don't bother; you can't serve anything but plain unencumbered FLV over HTTP. I can only make three suggestions: 1) Expire the HTTP links, so that they can't fetch them more than once. They'd need a proxy to save the stream. 2) Watermark the stream so that it can be tracked back to a particular user. The easiest way is with metadata tags, but if you become popular enough someone will put together a tool that makes them trivial to strip out. You'd then have to find a more clever way to stow that data (e.g. use steganography; maybe flipping a few bits on the timestamps in a particular way, or hiding data in clever places in the audio or video frames). 3) Split the files up into a bunch of chunks that are progressively fetched at the right time, so then it'd have to be reassembled later. This is a real pain and probably isn't worth it; if your service gets popular then someone will write a proxy that saves the files and splices them back together. The browser cache shouldn't be a problem if you're sending the right headers, btw. The easiest thing you can do is find a CDN that offers link expiration, then you don't have to worry about hosting and you get reasonable security. Take a look at CacheFly. I haven't used that part of their service (I think they call it ProtectServe), but I've used the rest of it. It's reasonably priced and performs as expected. The other CDNs are more expensive, don't publish their prices, and don't let you Just Sign Up. There are higher caliber CDNs that you should look into down the road, but CacheFly is a good start (especially considering that the first 30 days are free). ... and no, I don't work for CacheFly, nor am I getting special pricing or bonuses of any kind. I've just used the service and it does what it's supposed to do. I just appreciate that they're open about their prices and you can sign up without having to talk to a sales team. -bob _______________________________________________ osflash mailing list [email protected] http://osflash.org/mailman/listinfo/osflash_osflash.org
