禁止在Web浏览器中观看视频时下载临时文件夹中的视频 [英] Prevent downloading videos in temp folder while watching videos in web browser

问题描述

我使用Java和html5创建了一个Web应用程序.我已经在tomcat服务器war文件夹中上传了一些视频.说我的war文件名是"web".然后我的视频就在/opt/Apache/WebApps/web/videos/sample.mp4"之内.

I created a web application using Java and html5. I have uploaded few videos in tomcat server war folder.Say my war file name is "web". Then my videos are inside /opt/Apache/WebApps/web/videos/sample.mp4".

我正在使用html5视频标签播放视频.大多数视频大小都超过100mb. 我的视频标签就像

I am using html5 video tag for playing the videos.Most of the video size is more than 100mb. My video tag is like

<video src="/videos/sample.mp4"></video>

每当我播放视频时，都将自动下载到c驱动器的temp文件夹中.我的系统RAM大小是128mb.因此，当我观看两个或更多视频时，由于内存不足，突然PC崩溃了.

Whenever I played the video, automatically download inside our temp folder of my c drive. My system RAM size is 128mb. So when I watched two or more videos, suddenly PC gets struck due to less memory.

如何使用jQuery，Java servlet，jsp避免这种情况

How to avoid this using jQuery, Java servlet,jsp

推荐答案

根据我的经验，你做不到.但是，请尝试增加下载难度.

Base on my experience, you can't. But try to make it harder to download.

因为这是浏览器设计的目的:提供内容-就是将内容提供给用户.为了向您展示它的简单性，以下是我通常在几乎任何视频流网站上捕获视频的方法:

Because that's what browsers were designed to do: Serve content - which means give the content to the user. To show you how easy it is, here's how I usually grab videos on virtually any video streaming site:

准备首选浏览器调试器的网络"标签，然后加载视频.然后在已加载的资源中查找它.视频通常以.flv或.mp4进行流式传输，而音频则以.mp3进行流式传输.当您找到该URL时，打开一个新的选项卡/窗口并在其中打开链接.然后浏览器将下载文件.

Prepare the network tab of your preferred browser debugger and let the video load. Then look for it in the loaded resources. Videos are usually streamed in .flv or .mp4, and audio in .mp3. When you spot the url, open a new tab/window and open the link there. The browser will then download the file.

以下是使抓斗者的生活更加艰难的方法.就像我之前说的那样，这些方法不是万无一失的，但是至少可以避免打滑.

Here are methods on making a grabber's life harder. Like I said earlier, these are not fool-proof methods, but can at least ward off skiddies.

最近，我在研究JS中的运动检测时遇到了HTML5Doctor的这篇文章.这涉及通过来流式传输视频，然后使用一些JS，将视频从字面上复制到.这是一个示例，其中视频位于前面，而后面的画布则接收了同一视频的数据.

Recently I came across this article from HTML5Doctor while researching motion detection in JS. This involves streaming your video via a , then with some JS, literally copy the video to a . Here's an example where the video is up front, while the canvas at the back get's fed with data from that same video.

在HTML上预定义或将a动态插入DOM.这是玩家".用户看到的. 通过JS动态创建视频标签，将其添加到隐藏的DOM中，并为其提供要发送的网址.这将是画布的视频源. 然后，使用JS，您可以定期从刚刚创建的数据中获取数据并将其绘制到.通过此步骤，视频将被馈送到画布. 这是整个例程的最基本的内容.由于您的播放器现在是画布，并且隐藏了真实的视频，因此您可以尝试右键单击所需的所有内容并保存.由于画布的行为就像页面上的图像一样，因此您只能保存在画布上显示的帧的快照.至于控件，JS具有用于控件的API，因此您可以创建自定义按钮和滑块.

Predefine on the HTML or dynamically insert a to the DOM. This is the "player" that the user sees. Dynamically create a video tag via JS, append it to the DOM hidden and give it a url to stream. This will be the video source for the canvas. Then with JS, you periodically grab data from the you just created and draw it to the . With this step, the video gets fed to the canvas. That's the very basic of the entire routine. Since your player is now the canvas and the true video hidden, you can try right-clicking all you want and save. Since the canvas acts like an image on the page, you can only save a shot of a frame that was displayed on the canvas. As for controls, JS has an API for controlling so you can create custom buttons and sliders.

但是，如果他们知道您正在执行此操作，他们将找到您的隐藏视频元素，并且您被搞砸了.这就引出了我们在服务器端的帮助下补充这种仅前端技术的下一种方法.

However, if they know you are doing this, they will find your hidden video element, and you are screwed. This leads us to the next method that complements this front-end only technique, with aid from the server side.

防止此方法的一件事是防止链接可重用.使链接一次性，临时只能使用一次.播放器使用一次性网址加载后，将其丢弃.使其无法使用.

One thing you can do to prevent this method is to prevent the link from being reusable. Make the link disposable, temporary, one-time use only. Once the player loads using the disposable url, dispose of it. Make it unusable.

类似于CSRF预防，当浏览器请求包含您的视频的页面时，让其生成随机令牌并将其存储在服务器端的某些存储中以供以后参考.同时，将其附加到视频的网址中，如下所示:

Similar to CSRF prevention, when a browser requests a page with your video, have it generate a random token and store it in some storage on the server side for later reference. At the same time, append it to the url of your video, something like this:

///我们使用此网址从您的网站加载了ID为1234324的一些视频 //并将页面加载时生成的令牌附加为sid

//we load some video with id 1234324 from your site using this url //and the token generated on page load is appended as sid

http://yoursite.com/media.php?video_id=1234324& ; sid = a0s9d8a98a0d98asd09809wq0e9 现在，当播放器加载视频时，它将使用带有令牌的URL.让服务器验证令牌.

http://yoursite.com/media.php?video_id=1234324&sid=a0s9d8a98a0d98asd09809wq0e9 Now when your player loads the video, it will use this url that carries the token. Have the server validate the token.

如果效果不错，请流式传输视频并销毁服务器中的令牌，以避免重用.这实质上使URL仅一次使用".如果使用了无效的令牌，请返回适当的标头作为响应，例如403.

If it's good, stream the video and destroy the token from the server to avoid reuse. This essentially makes the url "one time use only". If an invalid token is used, return the appropriate headers as the response, like a 403 perhaps.

要增加一点安全性，可以通过将时间戳记和令牌一起存储来强制url过期.然后，如果请求时间戳仍在使用窗口"内，则将其与存储的时间戳进行比较.将此使用窗口"设置为足够短，可供页面上的播放器使用，但又不够长，以至于skiddie可以抓取该网址并将其粘贴到另一个标签/窗口/下载器中.

To add a bit more security, impose an expiry of the url by storing it's timestamp along with the token. Then compare the request timestamp with the stored timestamp if it's still within the "use window". Make this "use window" short enough to be used by the player on the page, but not long enough for a skiddie to grab that url and paste it into another tab/window/downloader.

这篇关于禁止在Web浏览器中观看视频时下载临时文件夹中的视频的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！