保护 Flash 视频免受下载/正确保护 [英] Protect flash video from download/right protect
问题描述
是否可以保护 flv 文件不被下载?我想保护我的文件不被下载,但我没有钱购买流媒体服务器,我认为它提供了某种保护.这些文件通过 PHP 流式传输并位于我服务器上的上传文件夹中.
Is it possible to protect flv files from download? I'd like to protect my files from download but I don't have the money for a streaming server which I think provides some sort of protection. The files are streamed via PHP and are located in an upload folder on my server.
我使用 PHP 来确保只有订阅者才能观看视频,但我基本上想更进一步,防止订阅者在登录时使用诸如 Sothink Flv Downloader for Firefox 之类的下载器下载我的视频.
I've used PHP to ensure that only subscribers can view the video but I basically want to go a step further and prevent subscribers from, upon login, downloading my videos with downloaders such as Sothink Flv Downloader for Firefox.
推荐答案
我完全同意其他答案的 DRM 共识.但是想补充...
I fully agree with the DRM consensus of other answers. But would like to add...
有几个混淆 可能满足您需求的技术.足够好",正如他们所说.这些不是完整的证明机制,但可以很好地阻止 80%-99% 的人试图复制您的 FLV 流/文件.专门的黑客会搞定它,但大多数人只是脚本小子(或者他们喜欢 FireFox 插件的表亲).另外,其中一些技术非常简单:
There are a couple of obfuscation techniques that may meet you needs. "Good enough", as they say. These aren't full proof mechanisms, but very well may prevent 80%-99% of people trying to copy your FLV streams/files. A dedicated hacker will get to it, but most folks are just script kiddies (or their FireFox plug-in loving cousins.) Plus, some of these techniques are really easy:
- 更改/删除服务器响应的 MIME 类型.无论如何,Flash 播放器很乐意忽略它.例如:图像/jpeg
- 将文件扩展名从 .flv 更改为其他名称,例如 .jpg.再说一次,Flash 播放器无论如何都会幸福地忽略它.此外,一旦文件保存到磁盘,非 FLV 播放器就会打开它(并抱怨它是无效的文件格式.)
- 为您的所有
FLV内容设置激进的不缓存"标头.(这自然意味着消耗更多的流量和带宽.也许这对您来说不是问题?) - 通过基于 UDP 的协议进行流式传输(如 RTSP).虽然我读到 UDP 协议即将用于按需内容的大规模流媒体,但复制起来要困难得多.例如:Real Downloader 目前无法窃取这些流.
- 将内容分解为两个或多个部分内容,然后连续播放.
- 将您的 FLV 内容隐藏在一个简单的、自定义的一次性身份验证机制之后
- 玩家请求内容 A 的授权密钥
- 服务器返回一个 authorization1 密钥:SHA1(内容密钥 + salt1)
- 服务器存储内容密钥、authorization1 密钥、authorization2 密钥(即 SHA1(authorization1 + >salt2))
- 一次性使用
- 有限的有效性(例如:2 秒)
- Change/remove the MIME type the server is responding with. Flash players blissfully ignore it anyway. E.g.: image/jpeg
- Change the file extension from .flv to something else, like .jpg. Again, Flash players blissfully ignore it anyway. Additionally, once the file is saved to disk, a non-FLV player will open it (and complain about it being an invalid file format.)
- Set aggressive 'don't cache' headers for all your
FLVcontent. (This, naturally, means more traffic and bandwidth consumed. Maybe this is not an issue for you?) - Stream over UDP-based protocols (like RTSP). While my read is that UDP protocols are on the way out for large scale streaming of on demand content, it is much more difficult to copy. E.g.: Real Downloader cannot currently pilfer these streams.
- Break up content into two or more pieces of partial content, and play them back to back.
- Hide your FLV content behind a simple, custom one-time authentication mechanism
- Player requests authorization key for content A
- Server returns an authorization1 key: SHA1(content key + salt1)
- Server stores content key, authorization1 key, authorization2 key (which is SHA1(authorization1 + salt2))
- one time use
- limited validity (E.g.: 2 seconds)
- 授权密钥与服务器端存储中的内容密钥匹配
- 授权密钥未过期
我实际上已经实现了最后一个想法,授权机制,我自己并且可以保证它的实际有效性.不,它并不完全安全.但这已经足够了.即使是高级用户也无法击败它.
I've actually implemented that last idea, the authorization mechanism, myself and can vouch for it's practical effectiveness. No, it is not totally secure. But it is good enough. Not even a power users is capable of beating it.
打败它需要
- 对流程进行逆向工程,
- 反编译您的 Flash 播放器,
- 重新组合起来.
够了.
令人惊讶的是,这篇帖子根据简单、自定义的一次性身份验证机制" 的建议生成了多少plz 向我发送代码" 电子邮件.别打扰,我不能——这是我雇主的专有项目,xtendx AG.如果有兴趣购买该系统,请发送电子邮件至 sales@xtendx.com.
Good enough.
It is amazing how many "plz sends me teh codez" emails this post has generated from the "simple, custom one-time authentication mechanism" suggestion. Don't bother, I can't--it was for a proprietary project for my employer, xtendx AG. If interested in purchasing the system, email sales@xtendx.com.
这篇关于保护 Flash 视频免受下载/正确保护的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
