Hi gang:
Here's my logic, so what's wrong with it?
My sole concern here is to protect a Video from being stolen and/or
being viewed remotely while allowing "approved" users to view it.
It is a fact that anything you present to a user is theirs. There's
no stopping them from downloading a Video if they have permission to
do so. In fact, that's exactly what they do when they view a Video --
they can't view it in their browser unless their browser has it.
Now, I have investigated several ways to protect videos and prevent
caching. Some methods are very complex -- but complexity does not
always guarantee security. Complexity is more likely to present
problems in its application. Sometimes the simplest method is best.
The simplest protection method I can think of can be done by using
Flash Video Actionscript in concert with php/mysql.
It's a simple matter to have the Video run the following prior to displaying:
theXML.load(http://example.com/security.php)
That's similar to a javascript onload function.
Upon loading the Video, the Video will run the script "security.php"
which in-turn will check to see if an approved user is attempting to
view the Video. This done by simply checking a user-id session
variable in the script that delivers the Video.
If that session variable (user-id ) is empty, then the security.php
returns nothing.
If that session session is not empty, then the script will check the
user-id against the database to see if the user has permission to
view the Video. If the user does not have permission, then the
security.php script returns nothing.
If everything checks, then the security.php script will return a key
and the Video will check that key against an internal key -- if a
match is made, then the video plays.
Now, please note that this will also prohibit the user, even after
paying for the Video, from downloading the Video for future plays
because the Video will always check for a key.
Even if the user downloads the Video and takes the Video to a remote
player, the Video will still try to run the security script seeking a
key. If the security script is not there, then it fails. Even if the
user figures out that the Video requires a key, the still user has no
way to determine what that internal key is.
So, I think this will work. What say all of you? Where have I screwed up?
And, please no one liners that solve the entire mess and make me look
like a fool.
Cheers,
tedd
--
-------
http://sperling.com http://ancientstones.com http://earthstones.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
