9 Replies Latest reply: Aug 8, 2009 5:26 PM by Nancy O. RSS

    How to protect an embedded FLV

    Mike_Watt Community Member

      I have an embedded FLV file on a page (http://www.radioimaging101.com/video.php?v=1)

      I'm looking for a way to protect this from access outside of this page either by somehow encrypting the url within the embed, or somehow preventing access to the video from outside the domain...Any ideas?

        • 1. Re: How to protect an embedded FLV
          Mylenium CommunityMVP

          That's what .htaccess rules do (rewrite rules to forward outside requests to the page, not the linked file would be required). If you can't edit that file, then you should forget the whole idea. All other solutions using JavaScript or URL obfuscation can easily be circumvented and most easily by automated bots. it would only make things harder for visitors.

           

          Mylenium

          • 2. Re: How to protect an embedded FLV
            Mike_Watt Community Member

            Hey, thanks for the reply.  I do have the ability to create/edit the .htaccess file - I've only limited experience with them and the syntax... I'll Google it and see what I can come up with...  Thanks again.

            • 3. Re: How to protect an embedded FLV
              Mike_Watt Community Member

              Quick follow-up, if I may...

               

              I looked and it seems like using mod_rewrite is the best way to do this?

               

              I found this post about how to use mod_rewrite:

              RewriteEngine on
              RewriteCond
              %{HTTP_REFERER} !^$
              RewriteCond %{HTTP_REFERER} !^http://(www\.)?your-domain.com/.*$ [NC]
              RewriteRule .(gif|jpg)$ – [F]

               

               

              My hosting company says this:

              Mod_rewrite is an Apache web server module installed on all of our Linux servers by default; it does not have to be installed or enabled. Our Linux hosting accounts support most mod_rewrite functionality.

              You do not need to enable mod_rewrite in your httpd.conf, as this is handled at a global level. All you need to do is add the desired code to the body of your .htaccess file.

              For more information about mod_rewrite see the Apache Module mod_rewrite documentation.

              My question is: can I add any extension I want to the "RewriteRule" section (like in this case, flv) and have it work properly?  Is the only modification to the above code changing "your-domain" to my domain, leaving the rest as is?

              • 4. Re: How to protect an embedded FLV
                Mylenium CommunityMVP

                I'm not good at this, either. I recommend you look around for "htaccess dirty tricks" and "htaccess cheatsheet". There are 2 or 3 sites that explain several techniques quite well for beginners. I have a good one home on my otehr computer, if I don't forget I will post the direct link...

                 

                Mylenium

                • 5. Re: How to protect an embedded FLV
                  h264argh

                  What a silly thread.

                   

                  You do realise that anyone can come alone, do a screen capture of the movie with Hypercam and have their very own version of it?

                   

                  YOU CAN'T stop people from ripping your stuff.

                   

                  The best you can do is watermark your frames, or put your logo name in the scene file, that way, if someone rips it, they can't palm it off as their own, providing you've not put the waterwark in a place that they can crop out and not ruin the movie.

                  • 6. Re: How to protect an embedded FLV
                    Mike_Watt Community Member

                    Wow, H264 - how insanely unhelpful.

                    I know that "if they can view it they can steal it" - but that's not the point.  People who can view it are ALLOWED to take it.  What I am trying to avoid is someone coming along and stealing content to which they never had access to begin with. Because they used to have access and have looked at the code to see the storage locations and extrapolate out future videos based on that.

                    Secondly, if someone wants to go through all that - screen captures, etc. then they can have it... I'll accept that.  Just because you can't make it impossible doesn't mean you should make it easy.  I think a lot fewer people would bother doing that (and even fewer even know how.)

                     

                    Having said all that, I think the easiest thing to do is going to be to add a DB value into the link and change that for every new file in the DB... then it would be impossible to "guess" what the new files were if they weren't following the same naming convention...

                    • 7. Re: How to protect an embedded FLV
                      Mike_Watt Community Member

                      I think I found a rather simple and elegant solution to this.

                      I'll do as I have been, and have the page call the file via MySQL value ($row_media['file1'])... but those values, the file names, will be stored using MD5 or SHA... so, basically, all anyone will ever see (even if they go snooping through HTML output) will only be the encrypted version... hell, I could go a step farther and  encrypt the whole path this way if I wanted to, though I think that's probably unnecessary.

                      This makes sense in my head - does anyone else see anything that I might be missing that would prevent this from working as I'm anticipating?

                      • 8. Re: How to protect an embedded FLV
                        h264argh Community Member

                        AFAIK every flv you view is saved automatically to your temp internet folder.


                        it really is pointless, given anyone sneaky enoug to want to steal your stuff will almost certainly know about flv's being saved, or simply doing a screen capture.Secondly, even if you try to hide the flv, there is streaming software that can rip it andshow the location, so its feeble trying.
                        If you don't belive then post me a link and I'll find it in seconds.


                        Like I said, place watermarks or place a reference to yourself in the video.
                        That way, it will BE LESS apealing to for people to steal.

                         

                        I was not being UNHELPFUL, I was simply telling you that its a wasted effort.
                        people with the ripping mindset know how to get around the stuff you try.

                        • 9. Re: How to protect an embedded FLV
                          Nancy O. CommunityMVP

                          Put your media pages and media files inside a Password Protected folder using .htaccess and .htpasswd files. This will keep out unauthorized users, search engine bots, majority of backdoor attempts to access media, etc..

                           

                          +MainSite

                            index.html

                            about_us.html

                            contact.html

                          +MEMBERS (password protected)

                          index.html

                               +MediaFiles

                                 yourvideo.flv

                           

                          http://httpd.apache.org/docs/2.0/programs/htpasswd.html

                          http://www.htaccesstools.com/

                           

                           

                           

                           

                          Nancy O.
                          Alt-Web Design & Publishing
                          Web | Graphics | Print | Media  Specialists
                          www.alt-web.com/
                          www.twitter.com/altweb
                          www.alt-web.blogspot.com