This is a message.

URL Obfuscation

Basic url obfuscation using the secure streaming plugin.

Search engine friendly content
standalone demo

The URL is secured using the secure streaming plugin. The purpose of this demo is to teach you the basics of securing the video path. Check also the other secure streaming demos to learn more.

With HTTP-based security, the trick is to alter the requested URL. This example uses the ExtremistsHD.flv video file that can be seen in the page's source code. When the video file is requested, the path of the file is "hashed" and it takes the following format: 

/vod/demo.flowplayervod/027a89fc1b8967ebc564af80c68db0ce/987987987/Extremists.flv

Bash

HTML

<!-- player container-->
<a href="ExtremistsHd.flv"    class="player"
    style="display:block;width:425px;height:300px;margin:10px auto"
    id="player">
    <!-- splash image inside the container -->
<img src="/media/img/home/flow_eye.jpg"
    alt="Search engine friendly content" /></a>

HTML

Configuration

We need to configure our secure plugin with two variables: timestamp and token. Both of these variables are used in generating the hashed file path. This simple demo uses a hard coded timestamp value so that the hashed path will not change from request to request. This gives us the ability to demonstrate the principles of hashing without any server-side logic. 

flowplayer("player", "http://releases.flowplayer.org/swf/flowplayer-3.2.11.swf", {
 
 // enable secure streaming plugin
 plugins: {
 
    secure: {
        // path to the latest version
        url: "http://releases.flowplayer.org/swf/flowplayer.securestreaming-3.2.8.swf",
 
        // a hard-coded timestamp
        timestamp: '987987987',
 
        // a secure token
        token: 'my-token'
        }
 
    },
 
    // make the video clip use our secure streaming plugin
    clip: {
        urlResolvers: 'secure',
 
        // must be given
        baseUrl: 'http://pseudo01.hddn.com/vod/demo.flowplayervod'
    }
 
});

JavaScript

After this his configuration, the actual video URL takes the following format: 

/baseUrl/hash/timestamp/streamName

Bash

The parts of this URL are as follows:

  • baseURL is determined based on the baseURL given in the clip/common clip or in the clip's URL. If baseURL is not explicitly specified, it's the same as the embedding HTML page location.

  • hash is calculated as follows: MD5.hash(token + "/" + streamName + timestamp) where token is specified in the configuration and should match the value on the server.

  • timestamp is date and time given as a hex string. This is the number of seconds since January 1, 1970, 00:00:00 in hexadecimal notation. You can calculate this value in the following ways: 

    // Java:
    Long.toHexString(System.currentTimeMillis()/1000);
     
    // PHP:
    sprintf("%08x", time());

    Java-PHP

    If you don't have the ability to calculate this on the page, you can alternatively specify a timestampUrl that fetches the value from the server.

  • streamName is the name of the video file, for example, Extremists.flv, flowplayer.flv, or rocknroll.mp4.

The example above will always generate the following URL: 

/video/51c3544ac33a24b012ba69bf6349db78/987987987/Extremists.flv

Bash

When we have the directories on the server, the video file can be loaded directly. We have not achieved our goals yet because anyone can copy-and-paste that URL anywhere they want and load the video. The trick is to alter this video URL from request to request and make those URLs expire after a certain amount of time. You can see such a configuration in the next demo.