[Flashcoders] secure FLV linking

2008-05-13 Thread Corban Baxter
Hey all, I was wondering what is a pretty standard way to call an FLV
so its actual path isn't transparent. Like I want to call...
http://www.mysite.com/myFLV.flv but I don't want people to be able to
see the URL in service capture like that. I want it to be more like
http://www.mysite.com/something_encrypted. Sorry, I'm not sure how to
say what I am looking to do but I hope this makes sense! Any direction
on the standard for doing something like this would be great! Thanks!

-- 
-cb
___
Flashcoders mailing list
Flashcoders@chattyfig.figleaf.com
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders


Re: [Flashcoders] secure FLV linking

2008-05-13 Thread Glen Pike
You can't hide URL requests, but you could use a proxy script to mask 
the FLV names.


The problem is that like YouTube's get_video.php script, you can still 
call this from anywhere.  YouTube makes it a bit harder by adding on a 
variable called t that seems to change per video called - it's 
probably linked to your session or similar.  Have a look at the sequence 
of headers when you load a YouTube page and you will see what I mean.


It's a barrier to many, but is easily circumvented - demonstrated by the 
fact that people can play YouTube FLVs on their own site without the 
player, etc. - although this is not guaranteed to work and is often 
flaky, it's a good example.


Anyway, google for YouTube FLV proxy or something similar for code examples.

Glen

Dave Watts wrote:
Hey all, I was wondering what is a pretty standard way to call 
an FLV so its actual path isn't transparent. Like I want to call...
http://www.mysite.com/myFLV.flv but I don't want people to be 
able to see the URL in service capture like that. I want it 
to be more like http://www.mysite.com/something_encrypted. 
Sorry, I'm not sure how to say what I am looking to do but I 
hope this makes sense! Any direction on the standard for 
doing something like this would be great! Thanks!



There is no standard for doing something like this, because it's not
possible. You can't hide URLs requested by the client from network
monitoring. You can require authentication for specific URLs, however, using
either your web server or your application server. If these FLVs are being
streamed through Flash Media Server, it provides authentication
functionality. If they're static FLV files, you can enable authentication on
your web server, or serve the files through an application server like
ColdFusion.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/

Fig Leaf Training: Adobe/Google/Paperthin Certified Partners
http://training.figleaf.com/

WebManiacs 2008: the ultimate conference for CF/Flex/AIR developers!
http://www.webmaniacsconference.com/

--

Glen Pike
01326 218440
www.glenpike.co.uk http://www.glenpike.co.uk


RE: [Flashcoders] secure FLV linking

2008-05-13 Thread Dave Watts
 Hey all, I was wondering what is a pretty standard way to call 
 an FLV so its actual path isn't transparent. Like I want to call...
 http://www.mysite.com/myFLV.flv but I don't want people to be 
 able to see the URL in service capture like that. I want it 
 to be more like http://www.mysite.com/something_encrypted. 
 Sorry, I'm not sure how to say what I am looking to do but I 
 hope this makes sense! Any direction on the standard for 
 doing something like this would be great! Thanks!

There is no standard for doing something like this, because it's not
possible. You can't hide URLs requested by the client from network
monitoring. You can require authentication for specific URLs, however, using
either your web server or your application server. If these FLVs are being
streamed through Flash Media Server, it provides authentication
functionality. If they're static FLV files, you can enable authentication on
your web server, or serve the files through an application server like
ColdFusion.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/

Fig Leaf Training: Adobe/Google/Paperthin Certified Partners
http://training.figleaf.com/

WebManiacs 2008: the ultimate conference for CF/Flex/AIR developers!
http://www.webmaniacsconference.com/


RE: [Flashcoders] secure FLV linking

2008-05-13 Thread Alain Rousseau
Actually, Dave's way is much better. I am able to download the FLV directly
off YouTube without any problems. All you need is Fiddler (IE) or Charles
(Firefox) to find which request is actually the FLV file, whether it uses
its real name or a proxy name.

The rule is, if your browser can play a file, then you can download it on
your computer, unless it is streamed from your server.

Alain

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Glen Pike
Sent: May 13, 2008 1:15 PM
To: Flash Coders List
Subject: Re: [Flashcoders] secure FLV linking

You can't hide URL requests, but you could use a proxy script to mask the
FLV names.

The problem is that like YouTube's get_video.php script, you can still call
this from anywhere.  YouTube makes it a bit harder by adding on a variable
called t that seems to change per video called - it's probably linked to
your session or similar.  Have a look at the sequence of headers when you
load a YouTube page and you will see what I mean.

It's a barrier to many, but is easily circumvented - demonstrated by the
fact that people can play YouTube FLVs on their own site without the player,
etc. - although this is not guaranteed to work and is often flaky, it's a
good example.

Anyway, google for YouTube FLV proxy or something similar for code examples.

Glen

Dave Watts wrote:
 Hey all, I was wondering what is a pretty standard way to call an FLV 
 so its actual path isn't transparent. Like I want to call...
 http://www.mysite.com/myFLV.flv but I don't want people to be able to 
 see the URL in service capture like that. I want it to be more like 
 http://www.mysite.com/something_encrypted.
 Sorry, I'm not sure how to say what I am looking to do but I hope this 
 makes sense! Any direction on the standard for doing something like 
 this would be great! Thanks!
 

 There is no standard for doing something like this, because it's not 
 possible. You can't hide URLs requested by the client from network 
 monitoring. You can require authentication for specific URLs, however, 
 using either your web server or your application server. If these FLVs 
 are being streamed through Flash Media Server, it provides 
 authentication functionality. If they're static FLV files, you can 
 enable authentication on your web server, or serve the files through 
 an application server like ColdFusion.

 Dave Watts, CTO, Fig Leaf Software
 http://www.figleaf.com/

 Fig Leaf Training: Adobe/Google/Paperthin Certified Partners 
 http://training.figleaf.com/

 WebManiacs 2008: the ultimate conference for CF/Flex/AIR developers!
 http://www.webmaniacsconference.com/

-- 

Glen Pike
01326 218440
www.glenpike.co.uk http://www.glenpike.co.uk
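
Added example (not part of any post in this thread, and not YouTube's actual scheme): one way a proxy script can combine the ideas above, mapping an opaque id to the real FLV and requiring a short-lived token tied to the logged-in session. The key, ids, path and function names are constructed for illustration. The URL is still visible on the wire; the check only limits who can fetch it and for how long.

```python
import hashlib
import hmac
import time

# Constructed values for illustration only.
SECRET_KEY = b"replace-with-a-random-server-side-secret"
TOKEN_TTL = 300  # seconds a link stays valid
# Opaque public id -> real file on disk; the real name never appears in a URL.
MEDIA = {"a91f3c": "/srv/media/myFLV.flv"}


def _mac(video_id, session_id, expires):
    # session_id comes from the server-side session store, never from the query string.
    msg = f"{video_id}|{session_id}|{expires}".encode()
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()


def issue_token(video_id, session_id, now=None):
    """Called while rendering the player page for an authenticated user."""
    now = time.time() if now is None else now
    expires = int(now) + TOKEN_TTL
    return f"{expires}.{_mac(video_id, session_id, expires)}"


def authorize(video_id, session_id, token, now=None):
    """Return the file path to serve, or None if the request must be refused."""
    now = time.time() if now is None else now
    path = MEDIA.get(video_id)
    if path is None or not session_id:
        return None  # unknown id, or no authenticated session
    expires_s, _, mac = token.partition(".")
    try:
        expires = int(expires_s)
    except ValueError:
        return None  # malformed token
    if expires < now:
        return None  # link has expired
    expected = _mac(video_id, session_id, expires)
    # Constant-time comparison; bytes avoid a TypeError on non-ASCII input.
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return None  # wrong session, wrong video, or altered expiry
    return path
```

A token copied to another session, replayed after expiry, or edited to extend its lifetime is refused, but a viewer who is authorized can still save what the server sends them.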
