Re: Referer checking is able to be referer spoofed


 



Dan Rossi wrote:

On 20/03/2005, at 5:40 AM, Marek Kilimajer wrote:


If you need only hotlink protection then the current referer checking is just enough. Most users will not install referer spoofing software.


But if you need to be 100% sure the videos are streamed through the affiliate server, you can use tokens - a script at the affiliate server will request a token from the streaming server (with username/password/clip id etc.). This token will be sent with the link to the streaming server. Hope this is clear.




Hi there, sorry to return to this, but we somehow need to create a token URL that will be generated on the customer's webpage before the link is redirected to an access script of our client's video feeds site. What would be the safest credentials to create a token with, and how could the access script decrypt this information to validate access? Let me know if this is too vague a question, thanks.


You can create tokens using the uniqid() function. Save the token in the database together with its creation time, so you can expire it. Then in the access script check that the token is in the database and has not expired.


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
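
The token flow described in the reply above (issue a token, store it with its creation time, have the access script look it up and reject expired ones), as an added example that is not part of the original message. It swaps `uniqid()` for `random_bytes()`, because `uniqid()` is derived from the current time and the PHP manual states it does not produce cryptographically secure values; the table name, function names, 300-second lifetime, clip binding and single-use behaviour are assumptions, and an in-memory SQLite database stands in for the real one.

```php
<?php
declare(strict_types=1);

// Added example: schema, names and the lifetime below are assumptions, not from the thread.
const TOKEN_TTL = 300; // seconds a token stays valid

function open_store(): PDO {
    // In-memory SQLite stands in for the streaming server's database.
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE stream_tokens (
        token_hash TEXT PRIMARY KEY, clip_id TEXT NOT NULL, created_at INTEGER NOT NULL)');
    return $db;
}

// Streaming server side: called after the affiliate's request has been authenticated.
function issue_token(PDO $db, string $clipId, int $now): string {
    $token = bin2hex(random_bytes(32)); // CSPRNG output instead of uniqid()
    $stmt = $db->prepare('INSERT INTO stream_tokens VALUES (?, ?, ?)');
    $stmt->execute([hash('sha256', $token), $clipId, $now]);
    return $token; // goes into the link; only its hash is kept in the database
}

// Access script side: the token must exist, match the clip and be fresh.
function redeem_token(PDO $db, string $token, string $clipId, int $now): bool {
    // Purge everything older than the lifetime before looking anything up.
    $db->prepare('DELETE FROM stream_tokens WHERE created_at < ?')
       ->execute([$now - TOKEN_TTL]);
    // Deleting the row is the lookup: one statement, so a replay finds nothing.
    $stmt = $db->prepare('DELETE FROM stream_tokens WHERE token_hash = ? AND clip_id = ?');
    $stmt->execute([hash('sha256', $token), $clipId]);
    return $stmt->rowCount() === 1;
}

$db = open_store();
$t0 = 1111300000; // constructed timestamp for the demonstration

$tok = issue_token($db, 'clip-42', $t0);
var_dump(redeem_token($db, $tok, 'clip-42', $t0 + 10));   // first use, inside the lifetime
var_dump(redeem_token($db, $tok, 'clip-42', $t0 + 20));   // replay of the same token

$old = issue_token($db, 'clip-42', $t0);
var_dump(redeem_token($db, $old, 'clip-42', $t0 + 301));  // presented after TOKEN_TTL

$other = issue_token($db, 'clip-42', $t0);
var_dump(redeem_token($db, $other, 'clip-7', $t0 + 5));   // token issued for a different clip
```

Because the token is a random lookup key, the access script has nothing to decrypt: all state (clip, creation time) stays in the database on the streaming side.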

