[Red5] Selling DVD videos as streaming, feasible? possible?
Walter Tak
walter at waltertak.com
Tue Mar 3 07:05:54 PST 2009
Checking for pay-per-minute is also pretty easy by starting a scheduler that checks every 60 seconds against a backend if the current user is still allowed to watch the video. If not he will be disconnected right away. That's pretty 100% secure.
The token gives access to the server, the server then checks the ID of the user against your backend(database) and if you use a large token (say 16 to 32 characters, a-z, 0-9) then it's pretty hard to guess the random token. If you'd lock the token in your backend with the current IP of the user it's fairly impossible to break.
I've implemented those pay-per-minute checks on FMS and Red5 fyi. It's pretty doable.
----- Original Message -----
From: Ritu Raj Tiwari
To: red5 at osflash.org
Sent: Tuesday, March 03, 2009 4:25 AM
Subject: Re: [Red5] Selling DVD videos as streaming, feasible? possible?
For security I would suggest something along the following lines:
a.. Run red5 as a separate stateless entity that will stream videos if a valid security token is supplied in the connection URL/request.
b.. Run a web application that maintains user login and generation of license/token to view the stream
c.. When user requests playback, generate a playback token which is valid for a small time duration, say 60 secs.
a.. A simple way to do this is to take the current timestamp and encrypt it with a symmetric key known to your app server and your Red 5 code.
d.. Your UI will submit this token in its RTMP/RTMPS request to your Red 5 application.
e.. Your Red5 application will validate token by decrypting the token and comparing the timestamp to the current time. If it checks out, the media will be streamed.
Hope this helps.
-Raj
On Mon, Mar 2, 2009 at 7:12 PM, dax702 <dax702 at cox.net> wrote:
Thank you for the reply. Security, yes it's important. My plan would be to
sell these as products in a shopping cart and after a user checks out, he
should get some access code, maybe tied to his IP address or something so
that he cannot share the stream with someone else. Does Red5 have issues
with security that make it not a good choice for a commercial website?
--
View this message in context: http://www.nabble.com/Selling-DVD-videos-as-streaming%2C-feasible--possible--tp22301530p22301745.html
Sent from the Red5 - English mailing list archive at Nabble.com.
_______________________________________________
Red5 mailing list
Red5 at osflash.org
http://osflash.org/mailman/listinfo/red5_osflash.org
--
-Raj
------------------------------------------------------------------------------
_______________________________________________
Red5 mailing list
Red5 at osflash.org
http://osflash.org/mailman/listinfo/red5_osflash.org
------------------------------------------------------------------------------
No virus found in this incoming message.
Checked by AVG.
Version: 7.5.557 / Virus Database: 270.11.6/1981 - Release Date: 3/3/2009 7:25 AM
--
I am using the free version of SPAMfighter.
We are a community of 6 million users fighting spam.
SPAMfighter has removed 598 of my spam emails to date.
Get the free SPAMfighter here: http://www.spamfighter.com/len
The Professional version does not have this message
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://osflash.org/pipermail/red5_osflash.org/attachments/20090303/378ae2a9/attachment.html>
More information about the Red5
mailing list