8 Replies Latest reply on Oct 12, 2011 6:08 AM by reindeer4

    Protecting files against download

    reindeer4 Level 1

      Right now, if someone types in mySite.com/myFlv.flv, a popup window comes up asking if they want to download the file.


      How can I prevent this?


      I want my swf files (I'm building a site on the Gaia flash framework) to have access to all of my flv's/videos, but I don't want people to be able to download them.


      I know there's a checkbox in the Flash IDE to 'protect' your swfs (though I know there are ways around that) - but for flv's do those have to go in some type of special folder with a .htaccess file to protect them - and if so, how do I let my swf's communicate with the flv's and load them when necessary.



        • 1. Re: Protecting files against download
          reindeer4 Level 1

          Any suggestions on this?


          Do I need to keep these videos up above the public_html or www directory?

          And if so, does that present a problem for my actionscript to access them?


          Or is than an .htaccess file I can place in the directory with the videos to protect them against downloads?  (or is that not possible with progressive downloads anyway since the file or parts of it get loaded into the user's cache?)


          Thanks for any help.

          • 2. Re: Protecting files against download
            kglad Adobe Community Professional & MVP

            why don't you encrypt the path/name so user's can't determine what's being loaded and from where it's loading?

            1 person found this helpful
            • 3. Re: Protecting files against download
              adninjastrator Level 4

              Just keep in mind that whatever protection scheme you settle on, there are ALWAYS ways around it. Even HTTP pseudo and true streaming can easily be captured with free screen capture software.

              So you can try hide the file name, but yes, progressive downloaded video is FIRST downloaded to the cache on the viewers machine... they don't even need to copy the file... they already have it.

              If it's on the Internet, it can be copied/saved/etc.

              Best wishes,


              1 person found this helpful
              • 4. Re: Protecting files against download
                reindeer4 Level 1

                Thanks kglad and adninjastrator -


                Yeah, I realize that anyone who's mildly tech savvy and interested in capturing those files or video can do so, but while I may offer some videos for download to registered members on my site, I'd rather not have a link sitting out there for anonymnous visitors.


                So, would a .htaccess file prevent that?  Could I put something in my assets folder where I keep my videos that prevents that popup box that offers to download the file? 

                Or is putting my assets folder outside of the www or public html area an option?

                Or any other way that would be fairly easy to implement even though it wouldn't prevent determined users from getting at such content?


                Thanks for any suggestions.

                (And kglad - could you explain how I go about encrypting the path, particularly without breaking functionality since I'm building a Gaia site which relies upon a site.xml document to tell the main.as file what all of the assets are and where to find them.

                • 5. Re: Protecting files against download
                  adninjastrator Level 4

                  Are these files available for viewing or just downloading? If just download, then an htaccess file could require a username/password to access the folder.

                  If viewer can download the file, you don't have to have your file names out in the open... even without encryption you can "hide" the exact path.

                  So when you say "mySite.com/myFlv.flv" where is that file name coming from? is it shown explicitely in the source code? if so, where? in your Flash vars? So why not use an xml file as a playlist and in the xml file, itself give only part of the path...and in the actionscript, you use just a part of the path name when you "push" the files names into the array:

                  urls.push("thumbs/" + ss[i].attributes.url);

                  then in the xml file, you use only a part of the entire path, leaving out the "thumbs" folder name. Viewer would not know that the name "thumbs" must be added to the path to find the .flv

                  Or just describe the entire path name in the actionscript.

                  For example. what is the file name of the .flv playing on this page?


                  File name is not out in the open...

                  But it's really pretty easy to figure out...

                  So trying to protect the file name of a video that the Web browser can play... seems pretty futile... since it's so easy to get around.

                  Best wishes,


                  • 6. Re: Protecting files against download
                    reindeer4 Level 1

                    adninjastrator - the files / flvs are just supposed to be available for viewing, so if a visitor clicks on a certain button in my flash site, the flv is played.  If someone types in the address, however - say mysite.com/assets/videos/myFLV - a download box pops up with option to download the file.


                    This isn't a huge deal, but if there was an easy fix that wouldn't complicate my flash development I'd implement it.

                    • 7. Re: Protecting files against download
                      adninjastrator Level 4

                      The way that the Web browser finds the .flv file is essentially exactly like putting "mysite.com/assets/videos/myFLV" in the address bar. So if the browser can download it, so can the viewers.

                      I'm just suggesting methods of hiding the path to the file so that the viewer will not know what to type in the address bar..... but like I said, it's still pretty easy to figure out.

                      Best wishes,


                      • 8. Re: Protecting files against download
                        reindeer4 Level 1

                        OK.  Thanks for your help.  I guess anyone who's typing www.mysite/xxx.flv into the URL window is specifically trying to get the file (as opposed to simply stumbling upon it), so I'll have to think it over some more as to whether or not it's worth trying to obfuscate the path.  Appreciate the help you've given.