You will recieve your password to this address. Address is not made public.

Your preferred username that is used when logging in.

Secure streaming with Lighttpd server Advanced streaming plugins - Demo 8 / 10

Secure streaming and the Lighttpd server

The Secure Streaming plugin supports lighttpd's mod_secdownload secure download module. This module accepts secured URL's that are valid for a limited time. Here is an example of this module in action:

Resolved URL shown here

This time we are using a varying timestamp value making the actual video URL different on each request. The mod_secdownload module can understand the hashed URL and will serve the correct video file. Users can see the URL from networking consoles or from Firebug, but it will be valid for a limited time only. You can alter the time limit with the ecdownload.timeout variable in the lighttpd configuration file.

Here we are using a time limit of 10 seconds. If you use the URL below, after this delay the player should not work anymore. Our video is guaranteed to be secure. It should be noted that if you have splash setups where the player is loaded only after it is clicked then the delay should be much larger. YouTube uses this same mechanism with a delay of 30 minutes or so.

HTML coding

As you can see there is just a container with a nested splash image. the video file is specified in the href attribute and it is the only part of the URL that can be seen from the page's source code. 

<!-- player container without splash. Note the /secvideo/ path element that we have also configured
     in lighttpd to be the secure content area for mod_secdownload -->
<a
	href="http://193.33.186.56/secvideo/Extremists.flv"
	style="display:block;width:425px;height:300px;"
	id="lighty">
</a>

<!-- info box -->
<div class="info box" id="info">
	Resolved URL shown here
</div>

Flowplayer configuration

The timestamp was calculated using Java with Long.toHexString(System.currentTimeMillis()/1000). The token is the same as in the Lighttpd configuration file. 

flowplayer("lighty", "http://releases.flowplayer.org/swf/flowplayer-3.1.5.swf", {

	// enable secure streaming plugin
	plugins: {

		secure: {
			// path to latest version
			url: 'flowplayer.securestreaming-3.1.1.swf',

			// URL used to fetch a timestamp from the server
			timestamp: '4ba15435',

			// identical to lighttpd.conf / secdownload.secret
			token: 'simplek'
		}
	},

	clip: {

		// make the video clip use our secure streaming plugin
		urlResolvers: 'secure',

		onStart: function(clip) {
			document.getElementById("info").innerHTML = clip.url;
		}

	}

});

The token will be visible in the player configuration when it's embedded in an HTML page. This proves a medium level of security because people can make programs that can generate secure URL's automatically. For full security you need to compile the token inside the plugin. You can do this yourself or you may purchase one from us.

You may also leave the token field empty and use the default value of this token. It is sn983pjcnhupclavsnda and it's also visible in the public source code of this plugin (hosted at Google code). This offers slightly better security than the above example.


Take a look at a standalone version of this demo. View its source code to get things going on your own page.