tags:

views:

25

answers:

3
Q: 

How to control which users can see which videos

Imagine you have a large number of video files stored on a server, and a Flex app which lets users play those videos they have access to. How can you best set this up? Wouldn't the Flex app just be sent the name of the video to play... in which case couldn't someone else write another flex app if they knew the file names? Can Flex play videos hosted on other sites? Is there some clever piece on the server I'm missing, which sits between the Flex video player and the files?

A: 

You can write a server-side script (in PHP or something else) that serves the file only if your user is allowed to see it (how to determine that you'll have to come up with yourself). This is a bit of a performance hit, although not so much if you use PHP's readfile().

Bart van Heukelom  2009-11-27 15:51:22
A: 

Ask users to log-in with a username and password - you can use OpenID if you want.

Update:
Set the crossdomain.xml of your server in such a way that only Flash movies from your domain can access content from there.

Amarghosh  2009-11-27 16:02:05
How does logging in make any difference? That just means the Flex app is told a different list of videos, it's still able to show them if it knew the name.
John  2009-11-27 17:28:54
Use a crossdomain.xml file - Flash movies from other servers won't be able to access content from your site unless you allow them to do it through a crossdomain.xml.
Amarghosh  2009-11-27 17:47:05
So this is a safe approach: 1)store a load of files in a dir on the server. 2)when user logs in, server sends a list of files names they can see. 3)client loads videos from this list... so even though it would be easy for a hacker to find the file names, they couldn't create their own Flex app because the server wouldn't let the files be used from another site?
John  2009-11-28 14:54:25
Exactly. And if you implement log-in mechanism, unregistered users won't be able to see them even through your website.
Amarghosh  2009-11-28 15:28:02
A: 

Can Flex play videos hosted on other sites?

Your crossdomain.xml can control this. e.g. myvideoserver.com/crossdomain.xml would contain entries based on who you want to grant access to, like myflexserver.com. Then just ripping off your main flex application wouldn't give them access to your video files.

susichan  2009-11-27 16:54:20

related questions

Silverlight vs Flex
Executing JavaScript from Flex: Is this javascript function dangerous?
How To Get Label Of Combobox to Fade In Flex
How do I change the title bar icon in Adobe AIR?
How do I call a Flex SWF from a remote domain using Flash (AS3) ?
Flex: does painless programmatic data binding exist?
SoapException: Root element is missing occurs when .NET web service called from Flex
Any recommendations for in-depth Flex training?
How do I restyle an Adobe Flex Accordion to include a button in each canvas header?
Deleting / Replacing A Node in E4X (AS3 - Flex)
How can I "unaccept" a drag in Flex?
Printing Flex components in FireFox 3
Is it possible to add behavior to a non-dynamic ActionScript 3 class without inheriting the class?
How do I get rid of the "multiple describeType entries" warning?
Open local file with AIR / Flex
Flex / Air obfuscation
Adobe Flex component events
Can you access the windows registry from Adobe Air?
Actionscript 3 - Fastest way to parse yyyy-mm-dd hh:mm:ss to a Date object?
Adobe Air - Using multiple SQLite databases at once
How can I unit test Flex applications from within the IDE or a build script?
Best way to learn Flash?
Get the current logged in OS user in Adobe Air
Adobe air - SQLStatement.execute() - Multiple queries in one statement
Unloading a ByteArray in Actionscript 3.