There may be other solutions as well, but fundamentally, the issue is as Kyle describes (although I'll never say never). Unless you can control the presentation of the movie (i.e. only have your movies play in a special player that you and only you control and force your users to download) or are able to utilize some form of rights protection (which I don't believe Flash has inherently, although maybe it does as part of the Flash Media Server that Kyle references?), then you can't have your cake and eat it too.
The client (in this case the users' web browser) is what is handling the whole downloading of content. The ways of protecting your content from that particular client (any publicly available web browser) are extremely limited and trivial to bypass for a user that knows what they are doing (i.e. spoofing HTTP_REFERER, just running a network scanner on the connection). Even coming up with a solution that is under SSL (to protect against netsniffing), and maybe uses some randomized key/access system that maybe creates a symbolic link for a small window of time if and only if a user has a particular session cookie and has the right access key (a server side module using either a base Apache mod or some sort of server-side logic like PHP or ASP/ASP.NET/Java), and even if you add headers that supposedly tell the browser not to cache the content (there are browsers that won't listen), the fact remains that your downloads are still hanging out on the client's machine relaxing in order to play them at least once as a temporary internet file. Streaming is a superior solution for you, but even then I imagine there are ways of grabbing that streamed content and "playing it back" to a static file that can be passed around depending on what solution you are looking for. Ultimately, the problem becomes one of cost/benefit. What % of content is acceptable for you to have not be protected? And how much is it worth for you to protect that extra N% of content? Because there is no such animal as a foolproof system when it comes to delivering web content that is played to a user. Is your Flash content so amazing and mind-blowing that users will care? (I'm presuming you're looking to monetize this content in some way, otherwise there would be no real point to worrying about the protection measures). My experience in the web delivery and advertisement space has led me to the conclusion that you have to allow for a % of users being thieves and pirates. It's the nature of the medium. The hope is that your users who really find your content useful is a significant enough percentage where their monetization is worth the protective measures you put in place. Vincent On Wed, Aug 19, 2009 at 6:59 AM, Getify Solutions, Inc. <[email protected]>wrote: > > If you want protection, you need to use Flash Media Server. It will stream > the FLV's over RTMP to the flash player, meaning they aren't files that > show > up in the cache, nor can they be accessed directly (except from any flash > player). Unfortunately, that's not cheap or particularly trivial to set up, > but it's your best bet. It's a paradigm problem that you want the file to > simultaneously be available via HTTP and not be available via HTTP. The > only > solution is have it delivered over some other protected protocol that a > server application is running on and can control. > > --Kyle > > > > > -------------------------------------------------- > From: "VideoT" <[email protected]> > Sent: Wednesday, August 19, 2009 8:55 AM > To: "SWFObject" <[email protected]> > Subject: Re: .htaccess preventing .flv from loading > > > > > I'd really love to see if anyone can come up with this issue. > > I just cant believe that no protection is available for this. > > > > Funny :( > > > > > > > > > > > > On 6 Ağustos, 06:37, Aran Rhee <[email protected]> wrote: > >> This is not really related to swfobject directly, so Google will be your > >> friend for this question. > >> > >> with a term like "protect flv from direct download" you will find links > >> like:http://flowplayer.org/forum/2/16058 > >> > >> which go through the sort of thing you are after. I don't think > .htaccess > >> is the right direction of travel... > >> > >> Aran > >> > >> On Thu, Aug 6, 2009 at 12:20 PM, Alistair <[email protected]> > >> wrote: > >> > >> > Hi > >> > >> > I am having problems protecting my .flv files from direct download. > >> > >> > I want the video to be viewable in the SWFObject player displayed in > >> > my PHP page. But I don't want the user being able to access them > >> > directly via the URL. > >> > >> > I have added a .htaccess file in the video directory as follows > >> > >> > # no one gets in here! > >> > deny from all > >> > >> > This stops the download but also stops the video from playing in the > >> > SWFObject > >> > >> > I have tried adding > >> > allow from localhost > >> > allow from 127.0.0.1 > >> > >> > but no joy. > >> > >> > The SWFObject code is as follows > >> > >> > <script type='text/javascript'> > >> > >> > var s1 = new SWFObject('applications/ > >> > player.swf','player','640','380','9'); > >> > >> > s1.addParam('allowfullscreen','true'); > >> > >> > s1.addParam('allowscriptaccess','always'); > >> > >> > s1.addParam('flashvars','file=../video/ > >> > gtv.flv&displayclick=fullscreen&title=Site > >> > Title&icons=false&fullscreen=true&autostart=true&skin=applications/ > >> > nacht.swf'); > >> > >> > s1.write('flashtest'); > >> > >> > </script> > >> > </div> > >> > >> > The video file plays in the player fine if I take away .htaccess. > >> > >> > Is there a best practice for protecting your video content from direct > >> > download? > >> > >> > Alistair > > > > > > > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "SWFObject" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/swfobject?hl=en -~----------~----~----~----~------~----~------~--~---
