This is a message.

How to encrypt the video URL in flowplayer display?? Created Jun 15, 2009

This thread is solved

Views: 4555     Replies: 5     Last reply Aug 28, 2011  
You must login first before you can use this feature

soamz

Posts: 1

Registered:
Jun 9, 2009

How to encrypt the video URL in flowplayer display??

Posted: Jun 15, 2009

Hi there..
I just saw a website which is protecting his video URL link:
http://xyz.s3.amazonaws.com/core-training/step1-development.flv

Here is how the link is written on his website source code:

http://www.xyz.com/flashplayer_low.php?movie=http%3A%2F%2Fxyz.s3.
amazonaws.com%2Fcore-training%2Fstep1-development.
flv%3FAWSAccessKeyId%3D0NT4QN7M5H0BVQ0QQTR2%26Expires
%3D1245032925%26Signature%3Duq8q5WquZ2gAbEPclVtTRSeOR
Fw%253D

Not only is the link encoded, but it has an access key, an expiration, and
a signature. Now, this is important because many people will try to direct
link the .flv file and post the video to the internet via torrents or copycat
sites. I'd rather not have to worry by somehow cloaking the flv URL or
setting parameters that only allow a member who is logged in to view the
video.

I have succeeded in doing how he is doing by doing the php file which calls the movie parameter and when i enter at my site, it works best like this,

http://www.soamz.com/flashplayer_low.php?movie=http://www.soamz.com/video.flv

But I want to encrypt it,how he is doing..
Someone get me a good solution..

PaulOgilvie

Posts: 61

Registered:
Feb 15, 2009

» How to encrypt the video URL in flowplayer display??

Posted: Jun 16, 2009

Reply to: How to encrypt the video URL in flowplayer display??, from soamz
Encrypting the link won't help much. Once a video is played, it often ends up in the browser cache and a clever user can copy it from there.

But to encrypt a link, you can do that simple:
  • have a letter transcription table, so A becomes D, Z becomes Y, etcetera.
  • have your Content Management System (often you yourself) rewerite the links like that
  • let your server reverse the transcription and send the real file
  • or, of course, invent a clever scheme yourself :-)

spinhead
Business Heretic

Posts: 16

Registered:
Sep 28, 2009

you"re looking for Amazon S3 Querystring Auth

Posted: Sep 29, 2009

Reply to: How to encrypt the video URL in flowplayer display??, from soamz
They're using Amazon's S3 storage, and the S3 querystring authorization

See this page

http://docs.amazonwebservices.com/AmazonS3/latest/index.html?RESTAuthentication.html

It is non-trivial to implement, and, in fact, I have not yet done so successfully.

While I know of no evidence that a streamed video is captured in the user's cache, don't waste time trying to keep folks from copying your video. Use an auth scheme for something practical like keeping your bandwidth costs down.

Anentropic

Posts: 5

Registered:
Jul 13, 2010

» How to encrypt the video URL in flowplayer display??

Posted: Sep 23, 2010

Reply to: How to encrypt the video URL in flowplayer display??, from soamz
http://www.xyz.com/flashplayer_low.php?movie=http%3A%2F%2Fxyz.s3
.amazonaws.com%2Fcore-training%2Fstep1-development.flv%3FAWSAc
cessKeyId%3D0NT4QN7M5H0BVQ0QQTR2%26Expires%3D1245032925
%26Signature%3Duq8q5WquZ2gAbEPclVtTRSeORFw%253D

This url is not encrypted, it is just urlencoded. you could paste that url into the browser address bar and it would work.

Making an expiring link like Amazon provide is more tricky.

You'll see they have three variables in the querystring:
AWSAccessKeyId=D0NT4QN7M5H0BVQ0QQTR2 (from your S3 account)
Expires=1245032925 (this is probably a timestamp value)
Signature=uq8q5WquZ2gAbEPclVtTRSeORFw

The 'Signature' is the part that makes it secure. This will be a secure hash of the string concatenation of the first two values together with a third secret salt value. (The salt makes it impossible for people to generate their own signature)

When the server processes one of these links it can first check that the expiry date hasn't been tampered with by computing the signature - if the computed signature matches the one supplied in the url then it hasn't been tampered with. If it's legit the server can then check if the link is still valid according to the expiry date and serve the file or not.

That's just the video server side. You then need code in your page to generate valid links to the video files, according to the rules above.

It's not super difficult and it can prevent other sites from hot-linking your videos, but any user with a valid link will still be able to find a way to download the video file I would imagine.