Re: How to secure Flash Video?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, 2008-01-04 at 14:43 -0500, tedd wrote:
> At 1:54 PM -0500 1/4/08, Robert Cummings wrote:
> >On Fri, 2008-01-04 at 13:29 -0500, tedd wrote:
> >
> >  > Rob:
> >>
> >>  I have all of that logic in place now.
> >
> >Then what is the problem? or do you mean you don't ant the same user to
> >view the item while logged in at some point in the future? If so then
> >use a GET parameter (MD5 or SHA1 should suffice) that maps to a DB entry
> >that indicates expiration time.
> >
> >Cheers,
> >Rob.
> 
> 
> Rob:
> 
> I'm sorry, I must not explaining it well.
> 
> I have all the code in place to manage viewers.
> 
> What I'm asking is how to stop someone who isn't authorized to view a 
> video after they know the url.
> 
> For example, let's say a person pays and has access to the video for 
> some period of time.
> 
> Later his time runs out and if he returns to the site and tries to 
> see the video again, he can't because he has to pay again. No 
> problem, I have all that worked out.
> 
> However, let's say the user pays, views the video, makes a note of 
> the url, and his time runs out. What's to stop him from viewing the 
> video again by just entering the url?

It's simple, the URL should NOT directly point to the flash. It should
point to a PHP wrapper script. The wrapper script then allows you to do
any kind of checking necessary to restrict viewing of the video. This
can include:

    - checking that the user is logged in
    - checking that the user paid during current session
    - checking that the user has email address robert@xxxxxxxxxxxxx
    - etc

If the check allows viewing of the flash, then read the content of the
flash object in PHP and flush to browser along with appropriate flash
content headers.

Cheers,
Rob.
-- 
...........................................................
SwarmBuy.com - http://www.swarmbuy.com

    Leveraging the buying power of the masses!
...........................................................

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux