On Jan 4, 2008 9:16 PM, tedd <tedd.sperling@xxxxxxxxx> wrote: > Hi gang: > > Here's my logic, so what's wrong with it? > > My sole concern here is to protect a Video from being stolen and/or > being viewed remotely while allowing "approved" users to view it. > > It is a fact that anything you present to a user is theirs. There's > no stopping them from downloading a Video if they have permission to > do so. In fact, that's exactly what they do when they view a Video -- > they can't view it in their browser unless their browser has it. > > Now, I have investigated several ways to protect videos and prevent > caching. Some methods are very complex -- but complexity does not > always guarantee security. Complexity is more likely to present > problems in its application. Sometimes the simplest method is best. > > The simplest protection method I can think of can be done by using > Flash Video Actionscript in concert with php/mysql. > > It's a simple matter to have the Video run the following prior to displaying: > > theXML.load(http://example.com/security.php) > > That's similar to a javascript onload function. > > Upon loading the Video, the Video will run the script "security.php" > which in-turn will check to see if an approved user is attempting to > view the Video. This done by simply checking a user-id session > variable in the script that delivers the Video. > > If that session variable (user-id ) is empty, then the security.php > returns nothing. > > If that session session is not empty, then the script will check the > user-id against the database to see if the user has permission to > view the Video. If the user does not have permission, then the > security.php script returns nothing. > > If everything checks, then the security.php script will return a key > and the Video will check that key against an internal key -- if a > match is made, then the video plays. > > Now, please note that this will also prohibit the user, even after > paying for the Video, from downloading the Video for future plays > because the Video will always check for a key. > > Even if the user downloads the Video and takes the Video to a remote > player, the Video will still try to run the security script seeking a > key. If the security script is not there, then it fails. Even if the > user figures out that the Video requires a key, the still user has no > way to determine what that internal key is. > > So, I think this will work. What say all of you? Where have I screwed up? > > And, please no one liners that solve the entire mess and make me look > like a fool. > > Cheers, > > tedd > I'm not sure if you mean FLV's or SWF's. If you mean FLV's loaded from SWF's, the browser can cache the FLV, and the user can later retrieve it. If you mean SWF's, there are "extractors" out there. In other words, it's not really possible to completely secure these videos, but this is a fairly good solution, as I see it. -- -Casey -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
