tags:

views:

296

answers:

4
+1  Q: 

How would you display Video on the web?

Sorry if the question is confused, as I'm confused myself. I'm working around these requirements:

  1. I'm building a public website where I need to display video.
  2. I need to control what the player looks like
  3. I'm the sole publisher of the video, meaning it can't be on YouTube for example
  4. I need as much protection as possible in terms of protecting the content from being downloaded

So, I've read around StackOverflow and the web, and found lots of suggestions, like numerous flash players, Streaming servers, DRM protocols, services like Panda etc etc.

The problem is I don't understand how everything fits together.

For example, what makes my video content secure? Is it the player on the client? is it the server that hosts the content? is it the streaming process? who hosts the streaming servers and what difference does this make?

Bearing in mind this is otherwise a very simple site, and is not a business venture.

if you were working around my requirements, what would you do? Could you explain step by step at a high level?

EDIT: Just based on a couple of answers, I'm not saying no one can ever download my content. And I realize this kind of thing is expensive.

I'm just asking, if you had my requirements, what would you do? And could you explain it to me so i understand?

thanks again

Edit: Thanks again for all the feedback, I can't vote anyone up as I'm a new user, but your answers have been very helpful.

The one thing I will say, is that my only request was to attempt security, that is 'make it difficult' for most users...that is common in software security.

Some of the suggestions have been just to not even try.

My question was really based around the fact that I know nothing about video deployment on the web, apart form the basic embedded swf flv combo.

Anyway, your info has been very useful though. I'll try a simple "real" streaming service (as opposed to HTTP streaming).

Any other recommendations would be awesome

cheers

+4  A: 

"For example, what makes my video content secure? " Nothing.

"Is it the player on the client?" Neither. Anyone can write a client and retain the video content. Remember this. Anyone can write a client. This client can absorb and save your video. Nothing can stop this. Nothing.

"is it the server that hosts the content?" No. Server is only one piece of security. You have to secure the protocol. And the client. And anyone can write a client and retain the video content.

"is it the streaming process?" No. Protocol is only one piece of security. You have to secure the server, the protocol and the client. And anyone can write a client and retain the video content.

"who hosts the streaming servers and what difference does this make?" You host the streaming video servers. Otherwise, you might as well use YouTube.

Edit

"The problem is I don't understand how everything fits together."

"For example, what makes my video content secure?"

These are unrelated. You keep mentioning security, AND not knowing how "everything" fits together.

Here's a suggestion: stop mentioning security -- edit your question to eliminate all references to security and see if you get more useful answers.

Many companies sell streaming media servers. You put HTML in your page that references the streaming media site.

Example. Apple sells Quicktime media server. Read http://developer.apple.com/documentation/QuickTime/Conceptual/QTScripting_HTML/QTScripting_HTML_Document/chapter_1000_section_1.html for lots of information on how to present video from quicktime.

S.Lott  2009-02-05 02:38:08
Hey S.lott, thanks for the answer.I realize nothing can ever be 100% secure, i just need to know about the best options, and how they are implemented.For example, HULU. I'm not HULU, nor have their money, but how do they attempt security?As for not being Hulu, well, what are my options then?
andy  2009-02-05 02:47:04
HULU has NO security. Someone can save the video. YouTube has no security. Someone can save the video. There is no security. Someone can save the video. That's the bottom line. Someone can save the video.
S.Lott  2009-02-05 10:49:27
And this isn't a "% secure" issue. The presence of a desktop client means the data can be saved. Period. What would an 80% secure solution look like? 80% of the user save things? A user can save 80% of a video?
S.Lott  2009-02-05 14:34:33
Hey S.Lott. I understand what you're saying. I guess some of my terminology is unclear. Security, especially content protection when it comes to the Internet, is a case of making certain actions (like downloading content) more difficult. That in itself is a 'level' of security. Like a lock on a door
andy  2009-02-05 22:00:16
When someone views the video, the door is open. Period. Lock it all you want. Once you present it, the door is open.
S.Lott  2009-02-05 22:12:44
but surely there are always to make it more difficult, no? Just curious, if someone asked you to consider content protection on their site would you just not even try? I mean, for example, Streaming as opposed to putting a link to the file on the page is an example of an attempt, any attempt no?
andy  2009-02-05 23:44:59
but you are right, that's why as a backup we'll only display very low res versions of the video.
andy  2009-02-05 23:45:31
"Content Protection" is a contradiction. Either you give them the content, or you don't. If you let them view it, they can keep it. You can ask people to login or pay a fee. But you can't stop them from keeping what they view.
S.Lott  2009-02-06 00:55:27
cool, you're right, that makes sense. thanks for your time man
andy  2009-02-06 05:39:55
+3  A: 

Before you go too far worrying about setting up these secure streaming protocol client server whatevers, make sure you weigh up the cost of your time getting this going, versus the cost of someone downloading your video.

Just to be clear: if your server is sending to a client, then they can copy (download) it. There's no way around it.

Response to your comment:

What I'd probably try doing if you wanted to try to avoid users downloading the files is this (I'll assume you're using FLV files, since they're the de facto standard on the web these days):

  • Put the FLV files in a non web-accessible directory.
  • Have a player.swf file request the file via a script on your site, eg: video.php?file=myVideo.flv
  • The video.php can then perform whatever security checks you'd like: for example, require logins, check the referrer, etc.
  • If the security checks are ok, then pass through the appropriate video file. If not, then perhaps have a short back-up video which is an ad for your site or something, saying "to watch this video, please come to mysite.com!"
nickf  2009-02-05 02:39:37
hey nickf, thanks for the answer.I understand what you and S.Lott are saying. But if you had my requirements, how would you approach it?just trying to learn and understand. cheers
andy  2009-02-05 02:48:32
hey nickf, thanks for your help, I appreciate it. I think on my site the videos would be public.I guess I'm looking for a streaming solution which is secure, but without the bell and whistles of 'tracking' and high bandwidth,its a very small site. I just don't understand how these solutions work
andy  2009-02-05 04:23:46
+2  A: 

Mostly video streaming sites like Hulu achieve a kind of poor-man's security by using RTMP to transfer the video data. You would need special server software to serve video via RTMP, for example Adobe Flash Media Server or WebORB.

RTMP is a proprietary protocol, so this is a case of security through obscurity; it's non-trivial to download a copy of the video (you can't just grab the file from a URL), but there are programs out there that are capable intercepting the stream and keeping a copy.

Kieron  2009-02-05 04:15:53
thanks kieron, thats really helpful.A lot of these Streaming servers are a bit OTT when it comes to features. My site is very simple, its just a place to display video work by video artists. My only concern is securing their content, as much as I can. Any recommendations based on that?thanks again
andy  2009-02-05 04:31:55
+1  A: 

2.I need to control what the player looks like

Download and customise a free player like OSFLV.

4.I need as much protection as possible in terms of protecting the content from being downloaded

Forget it.

DRM for FLV exists, but you'll have to pay Adobe a load of money for Flash Media Server and Flash Media Rights Management Server, you'll lose client compatibility and ease of deployment, and in the end it's still breakable. Big old waste of time.

Accept that some people will download your videos, and put a big watermark on them so at least when they do you're getting free advertising.

bobince  2009-02-05 13:52:37

related questions

Encryption in C# Web-Services
How Do You Secure database.yml?
ASP.NET LocationProvider
What do you (or your company) use for wiping a machine?
Can a proxy server cache SSL GETs? If not, would response body encryption suffice?
Java: What is the best way to SFTP a file from a server
How do I call a Flex SWF from a remote domain using Flash (AS3) ?
Best way to store a database password in a startup script / config file?
Using VM to get around VPN restrictions
Best references for secure coding practices in ASP.NET and classic ASP.
Secure Memory Allocator in C++
Resolving Session Fixation in JBoss
Best Practices for securing a REST API / web service
Defensive programming
Personal Linux web server
Block user access to internals of a site using HTTP_REFERER
Is there an Unobtrusive Captcha for web forms?
My website got hacked... What should I do?
What all do I need to escape when sending a (My)SQL query?
How do you disable browser Autocomplete on web form field / input tag?
Best .NET obfuscation tools/strategy
Are there best practices for testing security in an Agile development shop?
What is the best way to avoid SQL injection attacks?
Found a critical bug, but the company doesn't care
PHP Session Security