Best IT Recipes

How can I prevent / obstruct the download of my flash movie?

I want to at least prevent regular users from downloading my flash video.

What is the best way to do this?

Create an httphandler, add a token (e.g. timeid), set the cache control to no-cache so that only users with the correct token can watch the correct video. Is it possible?

The requirement from the client that the video should not be uploaded by users and should only be tracked on a specific website.

I want to know if this works: http://www.somesite.com/video.swf?time=1248319067

The server will generate a token (time in the example above), so the user can have only one request for this link. If the user wants to watch the video again, he needs to go to our website in order to get the token again. Is it okay to prevent newbies from downloading?

I cannot download this flash video using the downloadHelper firefox plugin: http://news.bbc.co.uk/2/hi/americas/8164177.stm

Updated (13:49 pm 2009/07/23): The above file can be downloaded using some video download software.

The video files of the following Chinese sites are well protected (I can’t download it using many video download programs): http://programme.tvb.com/drama/abrideforaride/video/

Do you know how to do this?

+4
flash
Jul 17 '09 at 9:03
source share
9 answers

I don’t think there is an easy way to stop people from getting your videos if they want them,

There are many plugins for firefox that allow you to download even from youtube and many places. And I think that these plugins will disable any attempt you made to hide your videos.

not too terribly different from the fact that the image is flickering, they create a clear gif image above the image you want to view, so when you right-click and save the β€œshield” image, it can be defeated by the print button with a low print level. A.

if you want random users to receive your file, use flash control and buffer a minute or two of your videos and make this flash drive authenticated with the server to receive these files. what seems reasonable to me

+7
Jul 17 '09 at 9:23
source share

I do not think that this is actually an easy way to limit people's access to this. You send them a video, here is how they can view it. Any user can simply use FRAPS or a similar tool to copy video from the screen.

If your concern is copied and used elsewhere, you can use it or use several other copy protection methods that will allow you to identify your work on other sites. If you are worried that people are copying it for personal use, then you really cannot stop it; you send it to them.

Edit: Due diligence will inform your client about how easy it is to copy the work that they will post. Most customers have no idea how simple it is.

+2
Jul 23 '09 at 3:40
source share

Here is how I like to solve this problem.

This method works by creating a ticket to download content on a single HTTP request ... Another attempt to use the same ticket to download content will fail, so any extensions that try to download the content again or the user manually tries not to do this, therefore a flash player will be the only way to download content. However, there is one recession for this approach, users will not be able to skip the part of the video that was not downloaded ... in some standard player implementation that may even stop the video from loading. Any ideas on this would be greatly appreciated.

I'll start by writing a PHP script that accepts video_id, file_name, or the local path to your video file (depending on the storage infrastructure of your video collection) in a GET request along with a unique hash value (it’s hard to guess and come up with, possibly generated by a secret key so that it can be was to check that it came from our receiver (flash player), if the hacker sent us a used hash or an invalid hash (does not satisfy our key), we will not send him a file). Then the PHP script opens the video file and sends its contents with the correct mime video type. for FLV, the mime type is video / x-flv. It ensures that after the unique hash has not been used before and will be correctly generated from your secret encryption key.

Then, as soon as the page with the flash player loads, we can provide the .php file with the correct settings for receiving the video player as a video. (If this is a simple player that only allows flv files, you can always program your .htaccess file to analyze .flv files as a php script in a specific folder only and rename your .php file as .flv and try your luck) ... in any case ... Also create a hash key ... maybe you can take the current server time and add it to the salt value, for example, to another key known by both scripts, and encrypt this final concatenation with the secret key.

So, as soon as the php script video gateway receives the file name or hash key ... it will decrypt the hash key and find out if it is really generated from the script's sister and should not send the video again to the same hash key ...

For added security, you can reset the private key using the cronjob or bootstrap mechanism. To prevent duplication of hashkeys usage, you can store them in mysql database, file operations or NOSQL (depending on your needs and infrastructure).

Make sure that the file is requested by the same user agent for which the hash key was created. In case the hacker tries to use CURL or Wget for your video with an unused URL, before the flash player gets a chance to use the hash key. In this case, the hacker will have to imitate the user agent of the browser or download the file using the command line tool ... However, note that this is not your average champion.

+2
Nov 26 '11 at 11:08
source share

It looks like you need to add authorization and authentication.

You can put the flash video in a different folder in your ASP.Net application and add the web.config file to this folder to block access to unauthorized users. For example:

Then you need to enable authentication for your website. The simplest method is form authentication . A trivial example with a hard-coded username and password is provided here .

ASP.Net has loads that you can do with the authentication infrastructure. I suggest a little work with Google.

+1
Jul 17 '09 at 9:25
source share

The only way to do this is with a trusted client, DRM, and an encrypted source.

Your player opens a connection, the user has a connection to the stream, you perform some kind of magical authentication using your token, and then pass encrypted data to them.

If you do not, everyone can upload your video and save it.

However, with all this, someone can start capturing the screen, and then save the video and do it again. This again, when DRM enters as one of the key features of DRM in Windows clients, is that the buffer cannot be sniffed, like on a secure media path.

I think that the question of how to protect your income, but dealing with pirates, will always be a problem for software developers regardless of their business.

+1
Jul 23 '09 at 3:44
source share

I have a solution that I am going to try for myself (since I have the same concerns), but I know that it includes a lot of extra time and work ...

Solution: use flash video compression to a SWF file. Before compressing, add some AS code to the movie for authentication. suggestions for authentication:

1 test URL 2 create a special flash player that has a verification code marked with a .swf video

I like # 2 better, and as an extra measure, you can overlay the id code on the video, so if someone captures the video using the on-screen recording software, you can at least keep track of the original source of the copied video .. and exact retribution ...

+1
Nov 28 '10 at 10:25
source share

You just cannot prevent it. But ... you can make it difficult. Here are some thoughts that come to my mind.

1 First, add your identifier in the video (you can always download it)

2 The hard way ... Add Ajax to the server back to check the random generated key that it will store in the session every N seconds. After each post back cleared the player’s buffer and launched the video, I was (using javascript). Use JavaScript again to prevent the video source from loading using the "view source".

3 Address all your videos in URLs, for example http://www.example.com/viewvideo/1 OR .. /? Id = 1. Add a blank image overlay with a transparent background. Serve the original video and a blank video somewhere on a page with a normal extension and the display: none style attribute. (will create problems for some boot assistants)

4 Each time you show a video, if the request is sent from a browser (i.e. check UserAgent)

5 cookies with some random value in combination with the video ID. Check it on the client and server side, and then play the video.

6 In the focusout event, hide the video using javascript. place the resume button in the flash and leave the frame replacement (for example, pause, but without the original video in the buffer).

7 Combine these methods

these are random generated ideas, did not check what I say, that does not guarantee the download of the video.

+1
Sep 15 '11 at 3:26
source share

I tried to do two ways to prevent the download, but could not.

  • Using javascript to dynamically create an object for flash.
  • Using the marker idea suggested in the question.

What annoys me the most is that a simple SAVE / AS from Firefox can easily get around the tricks.

The only variable so far is using an empty swf file to load another swf file. Combined with the idea of ​​a marker, it works.

0
Oct 07 '09 at 14:41
source share

in my answer you cannot stop stealing an image / video, but you can make it harder for ordinary users, but you cannot make it harder for programmers like us (I mean thieves who know little about web programming), there are some tricks you can try: -

1.) Using flash like youtube and many other sites like http://www.funnenjoy.com .

2.) An overlay div or background pic setting (but users with little sense can easily save all resources by opening a check item or another developer option).

3.) You can disable right-click and special keys such as CTRL + S and others possibles with JAVASCRIPT, but the main drawback is that if the user disables JAVASCRIPT , all our tricks fail.

4.) Save the image in no online directory (if you have full access to the web server) and read these files with server languages ​​such as PHP every time you need an image / video, and changes the image identifier from time to time or create a script that can automatically change the identifier after each access.

5.) Use .htaccess in apache to prevent other sites from linking images. you can use this site to automatically create .htacess http://www.htaccesstools.com/hotlink-protection/

0
Mar 23 '14 at 12:46
source share


More articles:


All Articles