"tedd" <tedd.sperling@xxxxxxxxx> wrote in message
news:p06240808c3a420b207cf@[192.168.1.102]...
Hi gang:
Here's the problem.
I have a client who has Flash Videos and wishes to rent these Videos out
for a certain time period. (No, it's not porn -- shame on you).
I have written the code and have NO problems with registering the user,
having the user pay, and managing user's time to allow viewing the video.
That's all been solved.
However, once the user is provided with a url where the Flash Video
resides, then the user can view the video remotely by just creating a page
that references that url -- that's easy to do.
Now, how can I stop that from happening?
I have some ideas, but would like to hear what greater minds have to say.
:-)
Thanks in advance for all replies.
tedd
Tedd, I think your biggest problem is going to be that most browsers cache
the things they run across, this would include embedded flash videos,
although it may take a little work
(http://www.walkernews.net/2007/06/03/where-is-firefox-internet-files-cache-folder/)
the users could grab the file form their cache. Second even if you use PHP
to map to a file eg. somephpfile.PHP?file=dl29coj2jodod which would respond
by serving a specific file, all you have to do is use Firefox's HTTP Live
Headers extension which will see the response come back with the actual
filename since you have to connect to it eventually.
You can fix the caching problem by following one of these suggestions
http://kb.adobe.com/selfservice/viewContent.do?externalId=tn_14743
And as far as the evading the live headers finding the actual file name and
just directly downloading it I'm not really sure how you would stop that.
You could have a PHP file open the .swf and read all of it's contents then
write out the headers and all the data, that way the user would really only
be talking to the PHP file.
Oh, and there's one more big problem. What's to stop people from just
taking the url (mapped or not) once logged in and just going to that
directly and doing a save as?
Really there's a ton of interesting ways a user could grab the flash movies,
but maybe rather than just having a .flv player and .flv files which can be
stolen off your site you might want to build authentication into the flash
movie itself. You could do something like serve the customer a unique
cookie every time they request to watch a movie, then serve them the movie
and have it check for the cookie.
Although even with all that in place you can still just get a flash
decompiler and decompile the protected .swf player/video and grab the .flv
content out of it.
Jesh, this is really a lot harder than I thought. Oh well, guess there's
never absolute security.
- Dan
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
