Any suggestions on this?
Do I need to keep these videos up above the public_html or www directory?
And if so, does that present a problem for my actionscript to access them?
Or is than an .htaccess file I can place in the directory with the videos to protect them against downloads? (or is that not possible with progressive downloads anyway since the file or parts of it get loaded into the user's cache?)
Thanks for any help.
1 person found this helpful
why don't you encrypt the path/name so user's can't determine what's being loaded and from where it's loading?
1 person found this helpful
Just keep in mind that whatever protection scheme you settle on, there are ALWAYS ways around it. Even HTTP pseudo and true streaming can easily be captured with free screen capture software.
So you can try hide the file name, but yes, progressive downloaded video is FIRST downloaded to the cache on the viewers machine... they don't even need to copy the file... they already have it.
If it's on the Internet, it can be copied/saved/etc.
Thanks kglad and adninjastrator -
Yeah, I realize that anyone who's mildly tech savvy and interested in capturing those files or video can do so, but while I may offer some videos for download to registered members on my site, I'd rather not have a link sitting out there for anonymnous visitors.
So, would a .htaccess file prevent that? Could I put something in my assets folder where I keep my videos that prevents that popup box that offers to download the file?
Or is putting my assets folder outside of the www or public html area an option?
Or any other way that would be fairly easy to implement even though it wouldn't prevent determined users from getting at such content?
Thanks for any suggestions.
(And kglad - could you explain how I go about encrypting the path, particularly without breaking functionality since I'm building a Gaia site which relies upon a site.xml document to tell the main.as file what all of the assets are and where to find them.
Are these files available for viewing or just downloading? If just download, then an htaccess file could require a username/password to access the folder.
If viewer can download the file, you don't have to have your file names out in the open... even without encryption you can "hide" the exact path.
So when you say "mySite.com/myFlv.flv" where is that file name coming from? is it shown explicitely in the source code? if so, where? in your Flash vars? So why not use an xml file as a playlist and in the xml file, itself give only part of the path...and in the actionscript, you use just a part of the path name when you "push" the files names into the array:
urls.push("thumbs/" + ss[i].attributes.url);
then in the xml file, you use only a part of the entire path, leaving out the "thumbs" folder name. Viewer would not know that the name "thumbs" must be added to the path to find the .flv
Or just describe the entire path name in the actionscript.
For example. what is the file name of the .flv playing on this page?
File name is not out in the open...
But it's really pretty easy to figure out...
So trying to protect the file name of a video that the Web browser can play... seems pretty futile... since it's so easy to get around.
adninjastrator - the files / flvs are just supposed to be available for viewing, so if a visitor clicks on a certain button in my flash site, the flv is played. If someone types in the address, however - say mysite.com/assets/videos/myFLV - a download box pops up with option to download the file.
This isn't a huge deal, but if there was an easy fix that wouldn't complicate my flash development I'd implement it.
The way that the Web browser finds the .flv file is essentially exactly like putting "mysite.com/assets/videos/myFLV" in the address bar. So if the browser can download it, so can the viewers.
I'm just suggesting methods of hiding the path to the file so that the viewer will not know what to type in the address bar..... but like I said, it's still pretty easy to figure out.
OK. Thanks for your help. I guess anyone who's typing www.mysite/xxx.flv into the URL window is specifically trying to get the file (as opposed to simply stumbling upon it), so I'll have to think it over some more as to whether or not it's worth trying to obfuscate the path. Appreciate the help you've given.