I´m developping an application that needs to show some videos, but in
a protected envinroment. Any user must be authenticated to see the
videos. But for example, if anyone know the path of the videos, can
access directly to this site and download it without authentication.
If I write in the location bar the url of a video, I can download
without problem because the application cannot test if the user is
already authenticated or not. I´ve read something about RedirectMatch
and it works well but now the users cannot see the videos.
I try to write an example:
..- #I write this rule in the httpd.conf
RedirectMatch (.*)\.avi$
/myapplication/tools/downloadfile.ph p?filename=$1
With this rule I redirect all the requests for the video files include
the request of a window media player, but I don´t want to do this.
When I show the video directly on the web, I don´t need to redirect
but when is a direct request from url to download the file, I must
check if the user is authenticated.
I hope that you can understand my bad english.
Fran García 6 3549
On Fri, 22 Jul 2005 05:11:04 -0700, fgarciarico wrote: If I write in the location bar the url of a video, I can download without problem because the application cannot test if the user is already authenticated or not. I´ve read something about RedirectMatch and it works well but now the users cannot see the videos.
Do one of the following:
1) Use Basic Auth in the .htaccess file
Example: http://httpd.apache.org/docs/1.3/howto/auth.html
2) Use Basic Auth within PHP http://us2.php.net/features.http-auth
I recommend number (1). Of course, the trouble with that is that it is
outside any application logic.
You could try putting any .avi (or other protected files) outside the http
virtual directory path and then create a PHP shell app that just gets and
downloads the file for you. (I know you said you are trying something
like this). To do this you will need to use
header("Content-type: blah/blah");
where blah/blah is the correct content type
The important thing here is to put the .avi files (any protected files)
OUTSIDE the http virtual directory path! So that one cannot just type in
a URL and get the file.
--
JDS | je*****@example .invalid
| http://www.newtnotes.com
DJMBS | http://newtnotes.com/doctor-jeff-master-brainsurgeon/
JDS wrote: On Fri, 22 Jul 2005 05:11:04 -0700, fgarciarico wrote:
If I write in the location bar the url of a video, I can download without problem because the application cannot test if the user is already authenticated or not. I´ve read something about RedirectMatch and it works well but now the users cannot see the videos.
Do one of the following:
1) Use Basic Auth in the .htaccess file Example: http://httpd.apache.org/docs/1.3/howto/auth.html
2) Use Basic Auth within PHP http://us2.php.net/features.http-auth
I recommend number (1). Of course, the trouble with that is that it is outside any application logic.
You could try putting any .avi (or other protected files) outside the http virtual directory path and then create a PHP shell app that just gets and downloads the file for you. (I know you said you are trying something like this). To do this you will need to use
header("Content-type: blah/blah");
where blah/blah is the correct content type
The important thing here is to put the .avi files (any protected files) OUTSIDE the http virtual directory path! So that one cannot just type in a URL and get the file.
-- JDS | je*****@example .invalid | http://www.newtnotes.com DJMBS | http://newtnotes.com/doctor-jeff-master-brainsurgeon/
put a .htaccess in your video dir containing the line:
deny from all
this will prevent any browser access in that dir
now deliver the videos to your users with a php script that
1. checks the credentials and
2. if ok, delivers the video via the servers filesystem, using i.e.
readfile (which is not affected by .htaccess)
micha
deliver_video.p hp has to be outside the video dir of course
micha
chotiwallah wrote: JDS wrote:
On Fri, 22 Jul 2005 05:11:04 -0700, fgarciarico wrote:
If I write in the location bar the url of a video, I can download without problem because the application cannot test if the user is already authenticated or not. I´ve read something about RedirectMatch and it works well but now the users cannot see the videos.
Do one of the following:
1) Use Basic Auth in the .htaccess file Example: http://httpd.apache.org/docs/1.3/howto/auth.html
2) Use Basic Auth within PHP http://us2.php.net/features.http-auth
I recommend number (1). Of course, the trouble with that is that it is outside any application logic.
You could try putting any .avi (or other protected files) outside the http virtual directory path and then create a PHP shell app that just gets and downloads the file for you. (I know you said you are trying something like this). To do this you will need to use
header("Conte nt-type: blah/blah");
where blah/blah is the correct content type
The important thing here is to put the .avi files (any protected files) OUTSIDE the http virtual directory path! So that one cannot just type in a URL and get the file.
-- JDS | je*****@example .invalid | http://www.newtnotes.com DJMBS | http://newtnotes.com/doctor-jeff-master-brainsurgeon/ put a .htaccess in your video dir containing the line:
deny from all
this will prevent any browser access in that dir
now deliver the videos to your users with a php script that
1. checks the credentials and 2. if ok, delivers the video via the servers filesystem, using i.e. readfile (which is not affected by .htaccess)
micha
Or, better yet, put them below the document_root. That way you're not depending
on the .htaccess.
--
=============== ===
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp. js*******@attgl obal.net
=============== ===
I´ve thought something like that but I must show the video files into
a media player object in my web pages and I think that if the video
file isn´t on a valid url, I cannot show it. Or?
On Tue, 26 Jul 2005 00:30:44 -0700, fgarciarico wrote: I´ve thought something like that but I must show the video files into a media player object in my web pages and I think that if the video file isn´t on a valid url, I cannot show it. Or?
You can use a PHP file as the video file. Just send the proper header.
For example, I can use a PHP script as a JPEG or GIF image if I send the
proper header:
header("Content-type: image/jpeg");
AND if the content following is an actual JPEG image.
For example, say I have an image, "image.jpg" . I can read it into the PHP
script using one of the binary-safe file reading functions in PHP:
(I think this example will work)
getimage.php:
<?
/* ...Include authentication and security stuff here...*/
$file = "image.jpg" ;
$file_contents = file_get_conten ts($file);
header("Content-type: image/jpeg");
print $file_contents;
exit;
?>
Now include getimage.php in your HTML page:
<p>
<img src="getimage.p hp">
</p>
You should be able to do the same with a video file. Using the video
file's MIME type, of course, in the header.
later...
--
JDS | je*****@example .invalid
| http://www.newtnotes.com
DJMBS | http://newtnotes.com/doctor-jeff-master-brainsurgeon/ This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics |
by: benjamin |
last post by:
A pygame/python game resource question
######################################
I wander whether there is any possibility to compile a bunch of
resources for a program, like images and soundfiles into a package
like, let´s say "game.dat", so they do´t fly around in the programs
folder und can be edited by everyone.
Hope somebody can help me.
|
by: LarryM |
last post by:
Hi,
NB, not to stop capturing the single displayed Image, but to stop downloading
the entire image directory.
(In my Website you will do a search, and get some thumbnails, and these can be
enlarged one by one).
This topic seems to be frequent.
Some says that you under no circumstances can protect your images, others seem
to have preventing solutions.
|
by: travelling_nerd |
last post by:
Folks:
I have some zip files I'd like to serve to authenticated users on my
site, but would like to prevent unauthorized users from using an
absolute path to get to these zip files. For example
http://blah.com/file.zip should not be accessible directly without
authenticating. However, my current authenticaion goes to an LDAP
server and I'd rather not prompt users for another username and
password.
|
by: Brian Madden |
last post by:
Hello All,
I have what I thought would be a simple problem although I've been searching
for a few hours with no luck.
I have several PDF and MPG files I would like to provide to users to
download via HTTP. I also have a database of user accounts. I would like to
protect the PDF and MPG files so that users cannot "save target as" or "view
source" to directly link to the files.
|
by: Hongbo |
last post by:
Hi,
We have a web site which needs user to login. After login, there are some files available for download on some pages. A typical link of such file is like this one:
https://www.ourdomain.com/docs/contracts/c_02102006.pdf
I noticed that any one could get this file if the person knows this link regardless if this person has logged in or not.
Is there a way to prevent people who do not login to reach such downloadable files?
Thank...
| |
by: Miro |
last post by:
Why Password protect an MDB when someone can google and get a hack?
Wondering if anyone else has thought of this and just said "oh well"...
I plan to password protect an MDB where I have some system/program variables
and data.
But looking in google, there are plenty of programs a user can download to
hack and crack that password.
|
by: =?Utf-8?B?am9uaWdy?= |
last post by:
I wrote a simple VB.NET application that imports and edits CSV files.
Now I’d like to “lock” the raw (pre-import) CSV files so these cannot be
opened separately. It is not high-sensitive data, I just don’t want folks to
peek in the files.
So time-consuming encryption is not necessary, just a simple
password-to-open that I can program in my application so it internally opens
the imported CSV file would be perfect, but I can’t...
|
by: teejayem |
last post by:
Hi,
I am new to programming with databases and was wanting some help.
Is there any way to password protect an access database and access
sent sql commands to it via vb.net code?
Any help would be much appreciated.
Thanks in advanced.
|
by: Alan Silver |
last post by:
Hello,
I am writing a site where people can buy ebooks. I want to have a system
whereby they can download the file(s) once they have paid, but
(obviously) not before. I also want some sort of protection to stop
people simply posting the download link around the 'net and have every
Thomas, Richard and Harold grabbing them!
Any suggestions for this?
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look !
Part I. Meaning of...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
| |
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own....
Now, this would greatly impact the work of software developers. The idea...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms.
Adolph will...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one.
At the time of converting from word file to html my equations which are in the word document file was convert into image.
Globals.ThisAddIn.Application.ActiveDocument.Select();...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
|
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
| |
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
| |