[flexcoders] Need help with protecting FLVs
Nutshell: I am working with a handful of FLVs for a tech demo that I am creating and want to prevent them from being downloaded. Does anyone have a good idea about how I can go about doing this? Longer version: I have encoded FLVs sitting in a web directory (because contentPath requires a location string), but that also means that a user can type in the name of the file and download the FLV directly (I get the download box when I type out the name of the FLV). I tried putting the files on a web server inside the firewall, thinking that the Flex server would somehow magically act as a proxy just for the Flex application. Worked fine as long as I was sitting inside the firewall ;) Any ideas would be great! Thanks, Jeff http://www.flexauthority.com Yahoo! Groups Links * To visit your group on the web, go to: http://groups.yahoo.com/group/flexcoders/ * To unsubscribe from this group, send an email to: [EMAIL PROTECTED] * Your use of Yahoo! Groups is subject to: http://docs.yahoo.com/info/terms/
RE: [flexcoders] Need help with protecting FLVs
Hi Jeff, You'll probably have to stick the FLV somewhere protected on the server (outwith the webapp context, or under WEB-INF, for example) and write a servlet to serve them, remembering to set the mime type. Of course, people could still use the servlet to retrieve the FLV, but its less of a risk (security through obscurity). If this is a problem, you could create some sort of session token, created by the server and passed back to the client, which must then be passed to the servlet to validate. Cheers, Ali -- Alistair McLeod Development Director iteration::two [EMAIL PROTECTED] Office: +44 (0)131 338 6108 This e-mail and any associated attachments transmitted with it may contain confidential information and must not be copied, or disclosed, or used by anyone other than the intended recipient(s). If you are not the intended recipient(s) please destroy this e-mail, and any copies of it, immediately. Please also note that while software systems have been used to try to ensure that this e-mail has been swept for viruses, iteration::two do not accept responsibility for any damage or loss caused in respect of any viruses transmitted by the e-mail. Please ensure your own checks are carried out before any attachments are opened. -Original Message- From: flexcoders@yahoogroups.com [mailto:[EMAIL PROTECTED] On Behalf Of Jeff Steiner Sent: 07 June 2005 07:04 To: flexcoders@yahoogroups.com Subject: [flexcoders] Need help with protecting FLVs Nutshell: I am working with a handful of FLVs for a tech demo that I am creating and want to prevent them from being downloaded. Does anyone have a good idea about how I can go about doing this? Longer version: I have encoded FLVs sitting in a web directory (because contentPath requires a location string), but that also means that a user can type in the name of the file and download the FLV directly (I get the download box when I type out the name of the FLV). I tried putting the files on a web server inside the firewall, thinking that the Flex server would somehow magically act as a proxy just for the Flex application. Worked fine as long as I was sitting inside the firewall ;) Any ideas would be great! Thanks, Jeff http://www.flexauthority.com Yahoo! Groups Links Yahoo! Groups Links * To visit your group on the web, go to: http://groups.yahoo.com/group/flexcoders/ * To unsubscribe from this group, send an email to: [EMAIL PROTECTED] * Your use of Yahoo! Groups is subject to: http://docs.yahoo.com/info/terms/
RE: [flexcoders] Need help with protecting FLVs
Given that Flex is targeted at OEMs, however, it may be very desirable to offer some type of key-based encryption/decryption so that OEMs/ISVs can protect their intellectual property. Rick Bullotta CTO Lighthammer Software www.lighthammer.com From: flexcoders@yahoogroups.com [mailto:[EMAIL PROTECTED] On Behalf Of Abdul Qabiz Sent: Tuesday, June 07, 2005 8:57 AM To: flexcoders@yahoogroups.com Subject: RE: [flexcoders] Need help with protecting FLVs Or use Flash Communication Server to achieve true streaming and the best security... -abdul -Original Message- From: flexcoders@yahoogroups.com [mailto:[EMAIL PROTECTED] On Behalf Of Alistair McLeod Sent: Tuesday, June 07, 2005 2:45 PM To: flexcoders@yahoogroups.com Subject: RE: [flexcoders] Need help with protecting FLVs Hi Jeff, You'll probably have to stick the FLV somewhere protected on the server (outwith the webapp context, or under WEB-INF, for example) and write a servlet to serve them, remembering to set the mime type. Of course, people could still use the servlet to retrieve the FLV, but its less of a risk (security through obscurity). If this is a problem, you could create some sort of session token, created by the server and passed back to the client, which must then be passed to the servlet to validate. Cheers, Ali -- Alistair McLeod Development Director iteration::two [EMAIL PROTECTED] Office: +44 (0)131 338 6108 This e-mail and any associated attachments transmitted with it may contain confidential information and must not be copied, or disclosed, or used by anyone other than the intended recipient(s). If you are not the intended recipient(s) please destroy this e-mail, and any copies of it, immediately. Please also note that while software systems have been used to try to ensure that this e-mail has been swept for viruses, iteration::two do not accept responsibility for any damage or loss caused in respect of any viruses transmitted by the e-mail. Please ensure your own checks are carried out before any attachments are opened. -Original Message- From: flexcoders@yahoogroups.com [mailto:[EMAIL PROTECTED] On Behalf Of Jeff Steiner Sent: 07 June 2005 07:04 To: flexcoders@yahoogroups.com Subject: [flexcoders] Need help with protecting FLVs Nutshell: I am working with a handful of FLVs for a tech demo that I am creating and want to prevent them from being downloaded. Does anyone have a good idea about how I can go about doing this? Longer version: I have encoded FLVs sitting in a web directory (because contentPath requires a location string), but that also means that a user can type in the name of the file and download the FLV directly (I get the download box when I type out the name of the FLV). I tried putting the files on a web server inside the firewall, thinking that the Flex server would somehow magically act as a proxy just for the Flex application. Worked fine as long as I was sitting inside the firewall ;) Any ideas would be great! Thanks, Jeff http://www.flexauthority.com Yahoo! Groups Links Yahoo! Groups Links Yahoo! Groups Links To visit your group on the web, go to:http://groups.yahoo.com/group/flexcoders/ To unsubscribe from this group, send an email to:[EMAIL PROTECTED] Your use of Yahoo! Groups is subject to the Yahoo! Terms of Service.
Re: [flexcoders] Need help with protecting FLVs
Kind of hard to justify Flash Comm Server price for a tech demo. Not that I would turn down a free copy if one was given to me. Jeff - Original Message - From: Abdul Qabiz [EMAIL PROTECTED] To: flexcoders@yahoogroups.com Sent: Tuesday, June 07, 2005 5:57 AM Subject: RE: [flexcoders] Need help with protecting FLVs Or use Flash Communication Server to achieve true streaming and the best security... -abdul -Original Message- From: flexcoders@yahoogroups.com [mailto:[EMAIL PROTECTED] On Behalf Of Alistair McLeod Sent: Tuesday, June 07, 2005 2:45 PM To: flexcoders@yahoogroups.com Subject: RE: [flexcoders] Need help with protecting FLVs Hi Jeff, You'll probably have to stick the FLV somewhere protected on the server (outwith the webapp context, or under WEB-INF, for example) and write a servlet to serve them, remembering to set the mime type. Of course, people could still use the servlet to retrieve the FLV, but its less of a risk (security through obscurity). If this is a problem, you could create some sort of session token, created by the server and passed back to the client, which must then be passed to the servlet to validate. Cheers, Ali -- Alistair McLeod Development Director iteration::two [EMAIL PROTECTED] Office: +44 (0)131 338 6108 This e-mail and any associated attachments transmitted with it may contain confidential information and must not be copied, or disclosed, or used by anyone other than the intended recipient(s). If you are not the intended recipient(s) please destroy this e-mail, and any copies of it, immediately. Please also note that while software systems have been used to try to ensure that this e-mail has been swept for viruses, iteration::two do not accept responsibility for any damage or loss caused in respect of any viruses transmitted by the e-mail. Please ensure your own checks are carried out before any attachments are opened. -Original Message- From: flexcoders@yahoogroups.com [mailto:[EMAIL PROTECTED] On Behalf Of Jeff Steiner Sent: 07 June 2005 07:04 To: flexcoders@yahoogroups.com Subject: [flexcoders] Need help with protecting FLVs Nutshell: I am working with a handful of FLVs for a tech demo that I am creating and want to prevent them from being downloaded. Does anyone have a good idea about how I can go about doing this? Longer version: I have encoded FLVs sitting in a web directory (because contentPath requires a location string), but that also means that a user can type in the name of the file and download the FLV directly (I get the download box when I type out the name of the FLV). I tried putting the files on a web server inside the firewall, thinking that the Flex server would somehow magically act as a proxy just for the Flex application. Worked fine as long as I was sitting inside the firewall ;) Any ideas would be great! Thanks, Jeff http://www.flexauthority.com Yahoo! Groups Links Yahoo! Groups Links Yahoo! Groups Links Yahoo! Groups Links * To visit your group on the web, go to: http://groups.yahoo.com/group/flexcoders/ * To unsubscribe from this group, send an email to: [EMAIL PROTECTED] * Your use of Yahoo! Groups is subject to: http://docs.yahoo.com/info/terms/
Re: [flexcoders] Need help with protecting FLVs
Okay, this is just a random idea and I can't offer code snippets because I haven't successfully pulled it off. I have however thought about this very issue the last couple weeks for one of my own projects. My idea was to put the FLVs in a directory with a .htaccess file that passes all requests through to a script. The script checks to see if the referrer is the flash movie that should be calling them then does a redirect to the file. It's a bit processor intensive as the script has to pipe the file through itself. Also, if someone really wants the files they can just spoof the referrer. Just my $0.02, hope it leads to something. Seth / Jeff Steiner wrote: Nutshell: I am working with a handful of FLVs for a tech demo that I am creating and want to prevent them from being downloaded. Does anyone have a good idea about how I can go about doing this? Longer version: I have encoded FLVs sitting in a web directory (because contentPath requires a location string), but that also means that a user can type in the name of the file and download the FLV directly (I get the download box when I type out the name of the FLV). I tried putting the files on a web server inside the firewall, thinking that the Flex server would somehow magically act as a proxy just for the Flex application. Worked fine as long as I was sitting inside the firewall ;) Any ideas would be great! Thanks, Jeff http://www.flexauthority.com Yahoo! Groups Links * To visit your group on the web, go to: http://groups.yahoo.com/group/flexcoders/ * To unsubscribe from this group, send an email to: [EMAIL PROTECTED] * Your use of Yahoo! Groups is subject to: http://docs.yahoo.com/info/terms/
Re: [flexcoders] Need help with protecting FLVs
Wouldn't it be cool if the MediaDisplay component supported some kind
of authentication mechanism, at least for FLVs downloaded via HTTP?
mx:MediaDisplay contentPath=http://my.com/protected.flv;
username={httpUsername} password={httpPassword} /
Or:
mx:MediaDisplay contentPath=http://my.com/protected.flv;
sessionId={sessionId} /
Or:
mx:MediaDisplay contentPath=http://my.com/protected.flv;
httpParameters={authParams} /
I'm not very familiar with the various authentication mechanisms, but
this seems doable.
Yahoo! Groups Links
* To visit your group on the web, go to:
http://groups.yahoo.com/group/flexcoders/
* To unsubscribe from this group, send an email to:
[EMAIL PROTECTED]
* Your use of Yahoo! Groups is subject to:
http://docs.yahoo.com/info/terms/
