Re: Serving Videos with LC/iRev

[Richard Gaskin]

Stephen Barncard wrote:

> On Mon, Nov 28, 2016 at 2:45 PM, Richard Gaskin wrote:
>
>> In most of my server systems I even keep stack files outside of
>> the web root, served up with my CGI.  This keeps them safely away
>> from spiders, and allows me to ensure authentication before access.
>
> thanks, Richard, to confirm this - the cgi thing of course appears
> to still be the best way.

I don't understand: AFAIK with LiveCode Server, CGI is the only way it 
can interface with web servers like Apache.


Is there another way?


> Do you have a lesson or page that describes this method?
> This topic comes up often.

Somehow I've missed that.

I just read the file and hand the file's data back to Apache.

What problems have people had with reading and returning binary data 
with LiveCode Server?


--
 Richard Gaskin
 Fourth World Systems
 Software Design and Development for the Desktop, Mobile, and the Web
 
 ambassa...@fourthworld.comhttp://www.FourthWorld.com

___
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode

Re: Serving Videos with LC/iRev

[Stephen Barncard]

On Mon, Nov 28, 2016 at 2:45 PM, Richard Gaskin 
wrote:

> In most of my server systems I even keep stack files outside of the web
> root, served up with my CGI.  This keeps them safely away from spiders, and
> allows me to ensure authentication before access.


thanks, Richard, to confirm this - the cgi thing of course appears to still
be the best way. Do you have a lesson or page that describes this method?
This topic comes up often.

sqb

--
Stephen Barncard - Sebastopol Ca. USA -
mixstream.org
___
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode

Re: Serving Videos with LC/iRev

[Richard Gaskin]

Rick Harrison wrote:

>> On Nov 28, 2016, at 4:44 PM, Stephen Barncard wrote:
>>
>> FYI  the PHP forums mentioned devious ways to get info from folders
>> outside of web root using INCLUDE.
>>
>> In a test with LIVECODE SERVER I was able to get html data from a
>> text file inside of a folder above a web root using INCLUDE  but I
>> didn't explore further.
>
> Hmm.. that’s rather disturbing for security isn’t it.
> So much for PHP.  That’s why it’s best not to
> set up PHP to be able to be used on servers.

Just about any language that can support file I/O can read and write 
files from any location it has access to.


Scripting engines don't generally care whether they're asked to read:

/home/user/htdocs/something.lc

...or:

   /home/user/something.lc

If you set your folder and file permissions correctly, and properly 
sanitize inputs, there's nothing inherently unsafe about it.


On the contrary, sometimes it can be safer to be able to make use of 
data stored outside the web root, under the control of your script.


For example, Wordpress, Drupal, and most other systems that need to 
connect to a database need to store the password to the DB somewhere. 
Keeping that in the web root would be unsafe, so those systems usually 
keep it outside of that.


In most of my server systems I even keep stack files outside of the web 
root, served up with my CGI.  This keeps them safely away from spiders, 
and allows me to ensure authentication before access.


--
 Richard Gaskin
 Fourth World Systems
 Software Design and Development for the Desktop, Mobile, and the Web
 
 ambassa...@fourthworld.comhttp://www.FourthWorld.com

___
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode

Re: Serving Videos with LC/iRev

[Rick Harrison]

Hi Stephen,

Hmm.. that’s rather disturbing for security isn’t it.
So much for PHP.  That’s why it’s best not to
set up PHP to be able to be used on servers.

Thanks for the information.

Rick

> On Nov 28, 2016, at 4:44 PM, Stephen Barncard  wrote:
> 
> FYI  the PHP forums mentioned devious ways to get info from folders outside
> of web root using INCLUDE.
> 
> In a test with LIVECODE SERVER I was able to get html data from a text file
> inside of a folder above a web root using INCLUDE   but I didn't explore
> further.

___
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode

Re: Serving Videos with LC/iRev

[Stephen Barncard]

On Mon, Nov 28, 2016 at 9:26 AM, Richard Harrison  wrote:

> Well I was trying to talk in black-box terms here, but I can
> see that isn’t sufficient information for you as inquiring
> minds always want to know.  It really shouldn’t hurt if
> I reveal the third party anyway.
>

FYI  the PHP forums mentioned devious ways to get info from folders outside
of web root using INCLUDE.

In a test with LIVECODE SERVER I was able to get html data from a text file
inside of a folder above a web root using INCLUDE   but I didn't explore
further.
--
Stephen Barncard - Sebastopol Ca. USA -
mixstream.org
___
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode

Re: Serving Videos with LC/iRev

[Richard Harrison]

Hi Mark,

Well I was trying to talk in black-box terms here, but I can
see that isn’t sufficient information for you as inquiring
minds always want to know.  It really shouldn’t hurt if
I reveal the third party anyway.

I have an enhanced eBook with an embedded video in it.
I was able to publish it to Apple’s iTunes store in the EPub 3
format just fine, without having to resort to using
iBooks Author to create the book.  The plus side of
that is I don’t have an exclusive obligation to Apple
if I do it that way, and I can publish the book elsewhere.

So the next good place to publish the eBook would be
to Amazon.com .  Unfortunately, they want their books
to use the .mobi format.  That format does not allow
embedded content such as videos etc.  You have only
one way to share enhanced content and that’s by
giving out a URL link to one’s web content.  That
URL is a fixed link in the book once it’s published,
and will always go to the same place.

So yes, I could painfully decide not to publish to
Amazon.com  but I’d rather not have to not use them
as they are pretty big.  Now you can understand
my problem and my attempted solution.

Thank you for your input!

Rick


On Nov 27, 2016, at 10:06 AM, Mark Schonewille <
m.schonewi...@economy-x-talk.com> wrote:

Hi Rick,

That third party must have an API for it. If not, you need to change the
vendor. I can't be that e.g. Apple sells music, while everybody is able to
download the content once it has been bought by one person. Can you tell
the name of that third party?

Kind regards,

Mark Schonewille
http://economy-x-talk.com
https://www.facebook.com/marksch
___
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode

Re: Serving Videos with LC/iRev

[Robert Brenstein]

On 27.11.2016 at 10:37 Uhr -0500 Rick Harrison apparently wrote:

So the next good place to publish the eBook would be
to Amazon.com .  Unfortunately, they want their books
to use the .mobi format.  That format does not allow
embedded content such as videos etc.  You have only
one way to share enhanced content and that's by
giving out a URL link to one's web content.  That
URL is a fixed link in the book once it's published,
and will always go to the same place.


Sounds like the LC/iRev script will not solve your problem either. 
Even if your server obfuscates the real URL, people can simply pass 
the link published in the ebook. It seems to me that the real issue 
for you is how to uniquely and reliably identify users who are 
authorized to see your video. I venture that you need to somehow tap 
into the unique identification attached to each online purchase.


RObert

___
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode

Re: Serving Videos with LC/iRev

[Stephen Barncard]

Hi Rick,
yes, yes, I know, I was plugging the player because it's so extensible and
it uses a playlist, but there's ways to use Apache to allow local
executables like livecode server (but not Joe Web User) to access
directories ABOVE the website root from script. and if any 'address'
would be revealed, it would still be useless information as it would be
inaccessible from the web.

 I remember one of the first 'web apps' did this, it was called 'Gallery'.
All the photos were stored in a special directory above web root for a site.

I think the answer might be in here.
http://httpd.apache.org/docs/trunk/urlmapping.html

a htaccess file can do a lot of things, including allowing livecode server
to run in cgi-bin, another web-inaccessible place.

just throwing some things out there. I think the answer will be pretty
simple.


On Sun, Nov 27, 2016 at 7:17 AM, Rick Harrison 
wrote:

> Hi Stephen,
>
> Thanks for the link to the video player.
>
> However when I look at the page source code I see:
>
> http://media.barncard.
> com/video/joni-cbc.png" />
>  >
> jwplayer.key="
> XLyrcd150kfRyTFsfsheTexshhjaa431eedjs==";
>
> I altered the key here for security reasons before posting so it won’t
> work for anyone, just in case.
>



--
Stephen Barncard - Sebastopol Ca. USA -
mixstream.org
___
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode

Re: Serving Videos with LC/iRev

[Rick Harrison]

Hi Mark,

Well I was trying to talk in black-box terms here, but I can
see that isn’t sufficient information for you as inquiring 
minds always want to know.  It really shouldn’t hurt if
I reveal the third party anyway.  

I have an enhanced eBook with an embedded video in it.  
I was able to publish it to Apple’s iTunes store in the EPub 3
format just fine, without having to resort to using
iBooks Author to create the book.  The plus side of
that is I don’t have an exclusive obligation to Apple
if I do it that way, and I can publish the book elsewhere.

So the next good place to publish the eBook would be
to Amazon.com .  Unfortunately, they want their books
to use the .mobi format.  That format does not allow
embedded content such as videos etc.  You have only
one way to share enhanced content and that’s by
giving out a URL link to one’s web content.  That
URL is a fixed link in the book once it’s published,
and will always go to the same place.

So yes, I could painfully decide not to publish to
Amazon.com  but I’d rather not have to not use them
as they are pretty big.  Now you can understand
my problem and my attempted solution.

Thank you for your input!

Rick


> On Nov 27, 2016, at 10:06 AM, Mark Schonewille 
>  wrote:
> 
> Hi Rick,
> 
> That third party must have an API for it. If not, you need to change the 
> vendor. I can't be that e.g. Apple sells music, while everybody is able to 
> download the content once it has been bought by one person. Can you tell the 
> name of that third party?
> 
> Kind regards,
> 
> Mark Schonewille
> http://economy-x-talk.com 
> https://www.facebook.com/marksch 
___
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode

Re: Serving Videos with LC/iRev

[Rick Harrison]

Hi Stephen,

Thanks for the link to the video player.

However when I look at the page source code I see:

http://media.barncard.com/video/joni-cbc.png; />

jwplayer.key="XLyrcd150kfRyTFsfsheTexshhjaa431eedjs==";

I altered the key here for security reasons before posting so it won’t work for 
anyone, just in case.

Anyway I’m looking for a way to prevent non-paying user from seeing the correct 
URL to the video content.
I’m not sure this will accomplish that as I was certainly able to view it here.

Thank you for your time and suggestions!

Rick



> On Nov 26, 2016, at 10:57 PM, stephen barncard 
>  wrote:
> 
> On Sat, Nov 26, 2016 at 4:48 PM, Rick Harrison 
> wrote:
> 
>> 
>> I have a video I want to serve from
>> an LC/iRev Server.  I want to do it
>> from within an iRev script on the
>> LC Server so that the URL of the
>> video is hidden in the code from the
>> user if possible.
> 
> 
> Look into the JW player ... it calls javascript
> but you can imbed it into a LC server page. I've made an online player that
> looks at the contents of a folder, gets the file-list, and creates the
> display page.
> 
> I eventually want to integrate it into a RevBurner system so right now
> it's for personal stuff and proof of performance. But it also can be made
> to work with a fixed playlist:
> 
> 
> *file: "joni_on_first_album_Croz.m4v",image: "joni-cbc.png",*
> *title: "01joni on first album Croz.m4v"*
> 
> 
> The JW player can be branded if you pay a little.
> 
> Here's my player in situ, business code in Livecode inserting javascript
> into the presentation layer:
> 
> http://media.barncard.com/video/joni_on_first_album/audio.irev
> 
> Stephen Barncard - Sebastopol Ca. USA -
> mixstream.org
> ___
> use-livecode mailing list
> use-livecode@lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage your subscription 
> preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode


___
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode

Re: Serving Videos with LC/iRev

[Mark Schonewille]

Hi Rick,

That third party must have an API for it. If not, you need to change the 
vendor. I can't be that e.g. Apple sells music, while everybody is able 
to download the content once it has been bought by one person. Can you 
tell the name of that third party?


Kind regards,

Mark Schonewille
http://economy-x-talk.com
https://www.facebook.com/marksch

Buy the most extensive book on the
LiveCode language:
http://livecodebeginner.economy-x-talk.com

Op 27-Nov-16 om 03:44 schreef Rick Harrison:

Hi Mark,

That sounds good except that the user is purchasing from me through a third 
party
and I have no good way of validating.  I can attach a number to the URL but that
same number will be on every unit purchased and visible to the user.  I can’t 
make
it unique for every unit purchased.  That’s why I’d rather jump a couple of 
URL’s and
have the last one hidden or unknown to the user.

Other ideas?

Thanks,

Rick


On Nov 26, 2016, at 9:09 PM, Mark Schonewille 
 wrote:

Instead of hiding the URL, you could write a script that creates a key 
depending on user credentials and a unique number, say the time, and add it to 
the URL. The code should follow some some rules, e.g. the last part of the code 
could be a hash. Encrypt the information in your app and decrypt it on the 
server. If the user credentials are correct and the unique code is correct and 
hasn't been used yet, send the video, and reject the request otherwise.

Kind regards,

Mark Schonewille
http://economy-x-talk.com 
https://www.facebook.com/marksch 

___
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode



___
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode

Re: Serving Videos with LC/iRev

[Rick Harrison]

Hi Phil,

One can hide real URLs in the browser URL box, and I’ve done that before.
The problem is that if someone looks at the page source code that’s in the
browser, then the real URL is revealed.  I need a language that doesn’t
reveal it’s source code in the browser.  I thought that iRev/LC tags might
be able to do that for me.  

Unfortunately, I do not get any email from the purchasers so there isn’t
a good way to track/tag real customers.  What I need is for real users
to be able to get their content and to not be able to share that information
with others.  The others who haven’t paid shouldn’t be able to know
the correct URL to use.

Thank you for your efforts!

Rick

> On Nov 26, 2016, at 10:29 PM, Phil Davis  wrote:
> 
> Hi Rick,
> 
> You can alter URLs using a .htaccess file on the server. e.g. When a person 
> goes to "http://my.site.com/1234/video.html 
> " they see "http://my.site.com/show 
> " in the browser URL box. I've never done it but I'm 
> sure someone here could comment on this approach.
> 
> I'm thinking there's probably some kind of dance the server code can do where 
> if a person tries to access the video using that final URL directly, it would 
> refuse. Or maybe the server would simply return a 404. Not sure.
> 
> Do you receive the emails of purchasers? Could you ask them to enter it 
> before watching? That wouldn't prevent abuse but at least you could track 
> likely suspects.
> 
> Phil Davis

___
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode

Re: Serving Videos with LC/iRev

[stephen barncard]

On Sat, Nov 26, 2016 at 7:57 PM, stephen barncard <
stephenrevoluti...@barncard.com> wrote:

> Here's my player in situ, business code in Livecode inserting javascript
> into the presentation layer:
>
> http://media.barncard.com/video/joni_on_first_album/audio.irev
>

this particular player makes no attempt to obfuscate the location of the
files in source but you could put the files in a protected folder, they
don't have to be in the same directory as the 'player'.

Stephen Barncard - Sebastopol Ca. USA -
mixstream.org
___
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode

Re: Serving Videos with LC/iRev

[stephen barncard]

On Sat, Nov 26, 2016 at 4:48 PM, Rick Harrison 
wrote:

>
> I have a video I want to serve from
> an LC/iRev Server.  I want to do it
> from within an iRev script on the
> LC Server so that the URL of the
> video is hidden in the code from the
> user if possible.


Look into the JW player ... it calls javascript
but you can imbed it into a LC server page. I've made an online player that
looks at the contents of a folder, gets the file-list, and creates the
display page.

 I eventually want to integrate it into a RevBurner system so right now
it's for personal stuff and proof of performance. But it also can be made
to work with a fixed playlist:


*file: "joni_on_first_album_Croz.m4v",image: "joni-cbc.png",*
*title: "01joni on first album Croz.m4v"*


The JW player can be branded if you pay a little.

Here's my player in situ, business code in Livecode inserting javascript
into the presentation layer:

http://media.barncard.com/video/joni_on_first_album/audio.irev

Stephen Barncard - Sebastopol Ca. USA -
mixstream.org
___
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode

Re: Serving Videos with LC/iRev

[Phil Davis]

Hi Rick,

You can alter URLs using a .htaccess file on the server. e.g. When a 
person goes to "http://my.site.com/1234/video.html; they see 
"http://my.site.com/show; in the browser URL box. I've never done it but 
I'm sure someone here could comment on this approach.


I'm thinking there's probably some kind of dance the server code can do 
where if a person tries to access the video using that final URL 
directly, it would refuse. Or maybe the server would simply return a 
404. Not sure.


Do you receive the emails of purchasers? Could you ask them to enter it 
before watching? That wouldn't prevent abuse but at least you could 
track likely suspects.


Phil Davis


On 11/26/16 6:44 PM, Rick Harrison wrote:

Hi Mark,

That sounds good except that the user is purchasing from me through a third 
party
and I have no good way of validating.  I can attach a number to the URL but that
same number will be on every unit purchased and visible to the user.  I can’t 
make
it unique for every unit purchased.  That’s why I’d rather jump a couple of 
URL’s and
have the last one hidden or unknown to the user.

Other ideas?

Thanks,

Rick


On Nov 26, 2016, at 9:09 PM, Mark Schonewille 
 wrote:

Instead of hiding the URL, you could write a script that creates a key 
depending on user credentials and a unique number, say the time, and add it to 
the URL. The code should follow some some rules, e.g. the last part of the code 
could be a hash. Encrypt the information in your app and decrypt it on the 
server. If the user credentials are correct and the unique code is correct and 
hasn't been used yet, send the video, and reject the request otherwise.

Kind regards,

Mark Schonewille
http://economy-x-talk.com 
https://www.facebook.com/marksch 

___
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode


--
Phil Davis


___
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode

Re: Serving Videos with LC/iRev

[Rick Harrison]

Hi Mark,

That sounds good except that the user is purchasing from me through a third 
party
and I have no good way of validating.  I can attach a number to the URL but that
same number will be on every unit purchased and visible to the user.  I can’t 
make
it unique for every unit purchased.  That’s why I’d rather jump a couple of 
URL’s and
have the last one hidden or unknown to the user.

Other ideas?

Thanks,

Rick

> On Nov 26, 2016, at 9:09 PM, Mark Schonewille 
>  wrote:
> 
> Instead of hiding the URL, you could write a script that creates a key 
> depending on user credentials and a unique number, say the time, and add it 
> to the URL. The code should follow some some rules, e.g. the last part of the 
> code could be a hash. Encrypt the information in your app and decrypt it on 
> the server. If the user credentials are correct and the unique code is 
> correct and hasn't been used yet, send the video, and reject the request 
> otherwise.
> 
> Kind regards,
> 
> Mark Schonewille
> http://economy-x-talk.com 
> https://www.facebook.com/marksch 
___
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode

Re: Serving Videos with LC/iRev

[Mark Schonewille]

Instead of hiding the URL, you could write a script that creates a key 
depending on user credentials and a unique number, say the time, and add 
it to the URL. The code should follow some some rules, e.g. the last 
part of the code could be a hash. Encrypt the information in your app 
and decrypt it on the server. If the user credentials are correct and 
the unique code is correct and hasn't been used yet, send the video, and 
reject the request otherwise.


Kind regards,

Mark Schonewille
http://economy-x-talk.com
https://www.facebook.com/marksch

Buy the most extensive book on the
LiveCode language:
http://livecodebeginner.economy-x-talk.com

Op 27-Nov-16 om 01:48 schreef Rick Harrison:

Hi there,

I have a video I want to serve from
an LC/iRev Server.  I want to do it
from within an iRev script on the
LC Server so that the URL of the
video is hidden in the code from the
user if possible.

Basically I want people who pay me to
see my video to be able to view my
video, but I don’t want them to be
able to easily find the URL, by looking
at the source code, and start giving it
out to their friends for free.

Suggestions?

Thanks in advance!

Rick



___
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode



___
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode

Serving Videos with LC/iRev

[Rick Harrison]

Hi there,

I have a video I want to serve from
an LC/iRev Server.  I want to do it
from within an iRev script on the
LC Server so that the URL of the
video is hidden in the code from the
user if possible.

Basically I want people who pay me to
see my video to be able to view my 
video, but I don’t want them to be 
able to easily find the URL, by looking 
at the source code, and start giving it 
out to their friends for free.

Suggestions?

Thanks in advance!

Rick



___
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode