Thread: FLV Hotlinking Protection & File Management Help
View Single Post
Old 2010-01-18, 02:41 PM   #8
A.J. Angel
And Lord, we are especially thankful for nuclear power, the cleanest, safest
energy source there is. Except for solar, which is just a pipe dream
 
Join Date: Sep 2008
Posts: 229
Ok, I have just updated the player.swf and the swfobject.js file to the latest. I have also updated the embeddable code for the video.

I have done testing on my side and the hotlink protection is working under IE, Chrome and Opera. It doesn't work under Firefox or Safari as I was able to play them.

Quote:
Originally Posted by Cleo View Post
I just tried to play it in Safari and it didn't play. Are you sure you aren't loading from cache on your machine?
I cleared the cache and it is still the same for me.

Quote:
Originally Posted by cd34 View Post
So, with that fixed, then it is on to protecting your content. Since the url is in the open, someone could do a view source and download the content directly. What you would need to do is write a short plugin to protect the url by encoding it in some manner, and allow the player to decode that to find the original URL. You'll stop the honest porn surfers from finding the source, but, anyone running livehttpheaders or any similar plugin will be able to see the source url as the browser must ultimately pull that content.

the .htaccess protection would work if you were providing a direct link to the content, but, someone could just cut and paste the url.
Do you mean a plug-in for the player or a plug-in for Firefox and Safari? I also suppose the number of surfers using livehttpheaders are low?

On the actual site, the path to the video is a relative path and not a URL.

Quote:
Originally Posted by cd34 View Post
On the server side, you could switch to lighttpd which does handle FLV streaming, and use something like:

http://redmine.lighttpd.net/projects...BeforeDownload

which is a different method of protecting the content. You would set up the one directory as the trigger, and any request to access the protected content would be denied unless the trigger had been set. Of course, if they have viewed the site and set the trigger, they could easily view the source and download the content.
Unfortunately, I cannot use lighttpd so we must rule that option. On another hand, I also prefer using a method that I can understand and implement myself instead of relying on my webhost.
A.J. Angel is offline   Reply With Quote