tags:

views:

102

answers:

5
+2  Q: 

Is rtmp the only way to protect images

I have images that I need to manage access to. I've come across osmf and rtmp streaming which are flash/adobe technologies and would require me to install a special server. Anyone knows of other ways to get the same effect with php.

Edit:

By "manage access to" I mean that the average user would not be able to save the page and save the image with it. If they want to view the image again, they would have to revisit, re-request it. Flash streaming server offers that, but are there non-flash/adobe solutions to compare it to.

Edit:

"Give up" is not something you say to your employer who is a publisher and has legal requirements to protect the IP other entities license to them. Sorry, but I don't make management decisions, and I'm not a lawyer. I work in the technical department and need to find the best technical solutions to what's being asked. If it still fails occassionally, I would say this is the best technology has now, and I've given it to you. I don't want to be found personally negligible when I should have done my best. Some people don't seem to have real jobs?

+5  A: 

RTMP doesn't "protect" anything. If you stream it to the user's machine, they can copy it. Copyright law is the only way to deal with this. If you just want to provide access to logged in users, HTTP with cookies works fine.

Matthew Flaschen  2010-07-05 20:50:39
RTMP does obfuscate content, in that you can't link to the image, download it or view it in a browser without knowing what you're doing.
Alex JL  2010-07-05 20:55:11
@Alex, I never said it didn't obfuscate it. The point is that the obfuscation isn't effective.
Matthew Flaschen  2010-07-05 22:12:29
What I mean to point out is that it can be quite effective against casual users downloading your content. Agreed that as with everything else like this, you can't beat someone determined who has specialized software.
Alex JL  2010-07-05 22:29:43
A: 

Gallery - http://gallery.menalto.com/ - allows you to create albums and set permissions so only certain users can see them.

Forrest  2010-07-05 20:51:45
Not the question I'm asking though. Once inside, the user can save the images.
craft  2010-07-05 21:12:36
+3  A: 

By "manage access to" I mean that the average user would not be able to save the page and save the image with it. If they want to view the image again, they would have to revisit, re-request it. Flash streaming server offers that, but are there non-flash/adobe solutions to compare it to.

Give up. What you want is impossible. Any content that can be viewed can be copied and no technology on earth can change this. There is no gain in making your site confusing for the average user who only wants to save the image so they can send it to their friend.

Give up.

Kalium  2010-07-05 23:10:35
"Give up" is not something you say to your employer who is a publisher and has legal requirements to protect the IP other entities license to them. Sorry, but I don't make management decisions, and I'm not a lawyer. I work in the technical department and need to find the best technical solutions to what's being asked. If it still fails occassionally, I would say this is the best technology has now, and I've given it to you. I don't want to be found personally negligible when I should have done my best. Some people don't seem to have real jobs?
craft  2010-07-06 00:18:29
Then I suggest you tell your boss to go to legal and come back with contract terms that aren't technologically impossible. EDIT: If your work fails, you're likely to be on the hook no matter how hard you tried.
Kalium  2010-07-06 00:38:36
@Kalium, What you're saying is strange. If his work fails, he's not on the hook if he followed best practices. He's probably wrong worrying about being personally liable, but he should worry about his references if he wants to work at a similar employer in the future. Many patients die in the emergency room every year. The doctors who tried to treat them aren't on the hook as long as they followed the rules. If the doctor however stood there stroking his chin, and said looks like this patient won't make it, why bother trying, then he's on the hook. Same here. Doing your job is worth it.
cooper  2010-07-06 05:28:19
@cooper Clearly you have greater faith than I do in the publishing industry not being trigger-happy with lawsuits. A good faith effort isn't always good enough when there's a possible breach of contract claim. The sane thing to do is assume that when your work fails, you'll be on the hook. The smart thing to do is the refuse to work on a system that cannot possibly work and can only fail, especially when failure may result in personal liability.
Kalium  2010-07-06 15:56:53
@Kalium, I don't know much about the publishing industry, but in the cc industry (which is 20x more obsessed with security), I rarely if ever saw an employer go after their own people. They go after the real culprits. If at all you're ever on the hook, it's very briefly until you're very quickly cleared if you've done your job. For your trouble, they pay pretttty damn well too ;) All these industries understand very well that security isn't perfect. If a developer is smart, likes a challenge, wants a more ethical world, the security niche is very rewarding, programming-wise and otherwise.
cooper  2010-07-07 03:11:54
+1  A: 

I always thought RMTP is meant for protecting video. It's a streaming media server. Assuming your images are high-quality, I'd be afraid of transmission problems degrading the quality of the images.

What you could do to prevent casual downloaders is process the image files before uploading them to your server. Perform a basic numeric transformation of any type -- it doesn't matter what you do to the file as long as the end file is impossible to load as a JPG/PNG. Then load the file with a Flash movie as a ByteArray, transform the data in the opposite direction to return it to its original state and draw it as a bitmap. The flash code doesn't sound like a lot of work, you'd also have to encode the images before hand.

Not a trivial solution, but certainly doable.

Andrew  2010-07-05 23:24:45
+4  A: 

As you seem to know, Adobe helps a lot. They've been doing great work on media protection. You might also want to check their other formats from this article. The summary is here:

  • RTMP: unencrypted
  • RTMPT: tunneled over HTTP, means RTMP data is encapsulated as valid HTTP data
  • RTMPS: sent over a secure socket layer (SSL)
  • RTMPE: an enhanced and encrypted version of RTMP, faster than SSL and does not require certificate management as SSL does
  • RTMPTE: encrypts the communication channel, tunneling over HTTP. The key benefits over SSL (RTMPS) are performance, ease of implementation, and limited impact on server capacity.

If you also plan to use Adobe's Open Source Media Framework as you say in your original post, I can't see why you can't secure your content in the way you described.

The answer to your question is that I doubt you'll find anything better. Check out this interesting blog post by Google and pay attention to paragraph 6. If Google uses them, I think you should take that as a hint.

Content Protection YouTube doesn't own the videos that you watch - they're owned by their respective creators, who control how those videos are distributed through YouTube. For YouTube Rentals, video owners require us to use secure streaming technology, such as the Flash Platform's RTMPE protocol, to ensure their videos are not redistributed. Without content protection, we would not be able to offer videos like this.

cooper  2010-07-06 05:47:57

related questions

IDE suggestions: Eclipse IDE vs. Zend Studio ( confused )
MySQL/Apache Error in PHP MySQL query
Lightweight IDE for Linux
What PHP framework would you choose for a new application and why?
Why is my ternary expression not working?
How can I get at the matches when using preg_replace in PHP?
Mechanisms for tracking DB schema changes
Wordpress theme development offline tools
Using object property as default for method property
How can I get the authenticated user name under Apache using plain HTTP authentication and PHP?
Make XAMPP/Apache serve file outside of htdocs
How do you debug PHP scripts?
PHP Variables passed by value or by reference?
Best way to implement unit testing in PHP
Connect PHP to an AS/400
Best way to access Exchange using PHP?
PHP Session Security
How do I access a remote form in php?
What's the best way to generate a tag cloud from an array? (using h1 through h6 for sizing)
Apache/PHP: error_log per Virtual Host?
How do I track file downloads with apache/PHP
How would you access Object properties from within an object method?
Flat File Databases in PHP
Best way to allow plugins for a PHP application
Latest information on PHP upcoming releases