On our own website, it's easy to protect against direct links to our video content by grabbing a token through AJAX and verifying the token through PHP be开发者_StackOverflowfore the file download is started.
However I'm also researching how I could provide an embed feature, like YouTube or vimeo etc., without compromising this security feature.
The problem is that the embed code I want to provide should look something like <object>...<embed>...</embed></object>
-- but I don't know how to grab and append the token to the filename. I mean, I guess I could attach a script that did some gnarly JNOP business, but that's too dirty.
I'm using JW Player for the actual video container.
Huge thanks to anyone who can help...
Do this:
- Make the embed a script pointing to your server.
- When the script is requested, generate a token and save it in a database + output it in the script
- Make the script print out the embed tag with the token in there as a parameter.
There you go.
You can do this without the token. First don't allow your videos to be linked to directly at all. Put them outside of the document root.
Now create a wrapper function that checks to see if the user is allowed to download it. You can set a cookie or session parameter on the download page that expires in 5 minutes. The wrapper just checks to see if this is set. If so, then read the swf and send it to the user with appropriate headers.*
Now you link to /path/viewSwf?id=123 in your <object>
tag and everything is happy!
* You will probably need to set the php timeout to a larger value if your video is long.
精彩评论