Secure streaming with lighttpd

Use the lighttpd server for url obfuscation

The Secure Streaming plugin supports lighttpd's mod_secdownload secure download module. This module accepts secured URLs that are valid for a limited time.

This time we are using a varying timestamp value, making the actual video URL different on each request. The mod_secdownload module understands the hashed URL and serves the correct video file. Users can see the URL in a network console or in Firebug, but it is valid for a limited time only. You can adjust the time limit with the secdownload.timeout variable in the lighttpd configuration file.

Here we are using a time limit of 10 seconds. If you use the URL below, after this delay the player will not work anymore. Our video is guaranteed to be secure. Note that if you have splash setups where the player is loaded only after it is clicked, the delay should be much larger.
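
How the hashed, time-limited URL is built and checked, as an added example (not Flowplayer's or lighttpd's own code). It follows mod_secdownload's documented MD5 scheme, token = MD5(secret + path + hex timestamp), with this page's secret, path and timeout; the function names, the sample clock value and the 404 branch are assumptions.

```javascript
// Added example: models lighttpd's documented MD5 secdownload URL scheme.
const crypto = require("crypto");

const SECRET = "simplek";   // secdownload.secret / plugin token (from the page)
const PREFIX = "/secvideo"; // secure content area (from the page)
const TIMEOUT = 10;         // secdownload.timeout in seconds (from the page)

// token = MD5(secret + rel-path + timestamp-in-hex); rel-path starts with "/"
function mac(secret, relPath, tsHex) {
  return crypto.createHash("md5").update(secret + relPath + tsHex).digest("hex");
}

// Build <prefix>/<token>/<timestamp-in-hex><rel-path>
function signUrl(relPath, nowSec, secret = SECRET) {
  const tsHex = Math.floor(nowSec).toString(16).padStart(8, "0");
  return `${PREFIX}/${mac(secret, relPath, tsHex)}/${tsHex}${relPath}`;
}

// Hypothetical model of the server-side decision; returns an HTTP status.
function checkUrl(url, nowSec, secret = SECRET, timeout = TIMEOUT) {
  if (!url.startsWith(PREFIX + "/")) return 404;
  const rest = url.slice(PREFIX.length + 1);
  const m = /^([0-9a-f]{32})\/([0-9a-f]{8})(\/.+)$/.exec(rest);
  if (!m) return 404; // assumption of this model: unsigned paths are not served
  const [, token, tsHex, relPath] = m;
  // Timestamps too far from "now" in either direction are expired (410 Gone).
  if (Math.abs(nowSec - parseInt(tsHex, 16)) > timeout) return 410;
  // Recompute the MAC over the requested path and compare in constant time.
  const expected = Buffer.from(mac(secret, relPath, tsHex));
  return crypto.timingSafeEqual(expected, Buffer.from(token)) ? 200 : 403;
}

function demo(now = 1700000000) { // constructed clock value, seconds since epoch
  const url = signUrl("/Extremists.flv", now);
  return {
    url,
    fresh: checkUrl(url, now + 5),       // inside the 10 s window
    stale: checkUrl(url, now + 11),      // window has passed
    renamed: checkUrl(url.replace("Extremists", "Other"), now + 5),
    wrongSecret: checkUrl(signUrl("/Extremists.flv", now, "guess"), now + 5),
  };
}

console.log(demo());
```

Because the path is part of the hashed input, a token issued for one file does not validate for another, and the timeout bounds how long a copied URL keeps working.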

HTML

The video file is specified in the href attribute and it is the only part of the URL that can be seen from the page's source code.

<!-- player container without splash. Note the /secvideo/ path element that we have
also configured in lighttpd to be the secure content area for mod_secdownload -->
<a
href="http://flashy2.flowplayer.org:81/secvideo/Extremists.flv"
style="display:block;width:425px;height:300px;"
class="player"
id="lighty">
</a>

Configuration

The timestamp was calculated using Java with Long.toHexString(System.currentTimeMillis()/1000). The token is the same as in the lighttpd configuration file.

var info = document.getElementById("info");
flowplayer("lighty", "http://releases.flowplayer.org/swf/flowplayer-3.2.11.swf", {

    // enable secure streaming plugin
    plugins: {

        secure: {
            // path to latest version
            url: "http://releases.flowplayer.org/swf/flowplayer.securestreaming-3.2.8.swf",

            // Timestamp from the server
            timestamp: '<%= Long.toHexString(System.currentTimeMillis()/1000) %>',

            // identical to lighttpd.conf / secdownload.secret
            token: 'simplek'
        }
    },

    clip: {

        // make the video clip use our secure streaming plugin
        urlResolvers: 'secure',

        onStart: function(clip) {
            info.innerHTML = '<p style="overflow:auto;">' + clip.url + '</p>';
        }

    }

});

The token will be visible in the player configuration when it's embedded in an HTML page. This provides a medium level of security because people can make programs that can generate secure URLs automatically. For full security you need to compile the token inside the plugin. You can do this yourself or you may purchase one from us.

You may also leave the token field empty and use the default value of this token. It is sn983pjcnhupclavsnda and it's also visible in the public source code of this plugin (hosted at Google Code). This offers slightly better obfuscation than the example shown above.