Obfuscate your video location
The Secure Streaming plugin is compatible with the Wowza media server and with lighttpd's mod_secdownload module. If you don't use lighttpd or Wowza you can also implement the required server-side functionality by using PHP, Java or some other server-side programming language.
Features
- Compatible with lighttpd's mod_secdownload module.
- Supports the Wowza server's secure token feature.
- Provides an efficient way to prevent inline linking of your video files.
NOTE: This plugin does not work in conjunction with the bandwidth detection, bitrate selection, and clustering plugins.
URL Obfuscation
The URL is secured using the secure streaming plugin. The purpose of this demo is to teach you the basics of securing the video path. Check also the other secure streaming demos to learn more.
With HTTP-based security, the trick is to alter the requested URL. This example uses the ExtremistsHD.flv video file that can be seen in the page's source code. When the video file is requested, the path of the file is "hashed" and it takes the following format:
/vod/demo.flowplayervod/027a89fc1b8967ebc564af80c68db0ce/987987987/Extremists.flv
Secure Streaming With Wowza
The Wowza Media Server supports secure streaming out-of-the-box. It also has the added benefit over HTTP that you cannot see the requested video URL using commonly used browser debuggers such as Firebug. This example uses the Wowza streaming server together with our secure streaming plugin.
The Secure plugin and Wowza server perform a handshake. This guarantees that only those clients that have access to the secret token are able to stream videos from the Wowza server.
Configuration
| property / datatype | Default | Description |
|---|---|---|
|
token |
null |
The shared secret known by the server and the client only. If you really want to keep this secret consider acquiring a custom build. |
|
timestamp |
null |
The current timestamp. This is number of milliseconds since
January 1, 1970, 00:00:00. For example Java's
|
|
timestampUrl |
null |
If you don't have the possibility to calculate this on the page you can supply an URL used to request for a timestamp. |
More protection
This plugin has a default token value that should be kept secret so that it is
known only by the server and Flowplayer. This applies when using both Wowza or
HTTP. As explained here we can do a lot by just making the media links to expire -
this can be accomplished using the timestamp that is part of every request URL
generated by this plugin. Just by making the links expire we prevent most of the
inline linking activity.
To get more security you can compile the token value into the plugin SWF. To do
this you will need to edit the TOKEN value in the sources of this plugin, and then
compile the plugin SWF. See
here for more information on how to develop and compile plugins.
If you need a custom Secure Streaming plugin where the shared secret is compiled in, drop us a line at info@flowplayer.org. We will compile you a custom plugin with the secret compiled in, the price of this service is 150.00 $ (or 110 €).
Download
| flowplayer.securestreaming-3.2.8.swf | just the working flash file to get you going |
| flowplayer.securestreaming-3.2.8.zip | working flash file (swf) + README.txt and LICENSE.txt |
| flowplayer.securestreaming-3.2.8-src.zip | source code |
Please right-click and choose "Save link as..." (or similar)
See the version history for this tool.
Found a bug?
If you encounter problems in this script, please send a bug report to the bug reporting forum. If you have a problematic page, including a direct URL to that page is by far the most effective way of helping us to find a bug.