just I want to know that I am preparing one website regarding videos. I want to upload on my server or third party's server but I do not want to show the path of the video .. Is it possible..?
Not really. The source of the stream will always be known by the client - the client can't receive from a black hole.
Using Flash you could try to hide it, but only from non-technical users. If you're trying to protect the IP of the source, you might look into a proxy solution.
Related
I currently have an IPTV subscription and as a fun little side project I decided to create a multiplatform IPTV app. However, I'm running into some trouble when trying to stream video.
The .m3u playlist I am currently using has streaming links, however they do not end in .m3u8 as I am usually accustom to.
When I do a get request to the link in insomnia, it begins to download content with a MIME type of video/mp2t.
I have tried using hls.js along with a few other html video players however I cannot seem to get it to work.
The playlist does work with VLC!
I feel like I am missing something, just not sure what.
Thanks!!
If your IPTV service has content that the service provider wants to restrict then they may encrypt the content, use DRM and/or obfuscate the access to the manifest files and segments streams.
The reason they do this is to ensure that only their apps can be used to playback the content - this does not always have to be just for paid services as the content owner may require the content to be encrypted even for free IPTV services.
You can still do your experiment and build your multiscreen project using test streams which are available online - there are both DASH and HLS online streams available in a number of places. see here for a useful list:
https://bitmovin.com/mpeg-dash-hls-examples-sample-streams/
I am working on online community where users will have the profile page , where he can upload the image of his choice or give the url of the remote image .
So Is it good to just store the remote image url and not the image itself and use it like this on profile page like this
<img src="remote_image_url">
or download the image from remote url and store it on the local/our server for the later use like this
<img src="path_on_our_server">
i am thinking from the hack-proffing point of view , as are there any issues if i allow users to use remote image and use it as it is instead of downloading it on to our servers ?
You should store the image, loading a remote URL which you don't have control over is always dangerous.
To expand:
A user adds their avatar as www.example.com/pic.jpg. They then notice that you are simply including that URL on your site, so they change their avatar to www.example.com/hack.js and you still include this file so now any JS they add in that file will be ran on their site.
A embedded JS inclusion like this is a hackers dream and is DEFINITELY a HUGE security flaw. If you want to read a bit about a real life example of one of these attacks, ebay was caught out by one last year - http://www.infosecurity-magazine.com/news/ebay-under-fire-after-cross-site/
Think about what risks you are trying to mitigate.
Whether you let users upload images to your site or add links to remote image locations, bad people will do bad things. If you let people upload images to your server, there could be attack vectors against your server (vulnerability in image processing libraries triggered by deliberately malformed images). If you let people add links to remote images, the remote images could be malicious to target browser vulnerabilities (and your site then appears to be hosting malicious images).
If you care about people uploading profile images that are inappropriate then you will need active curation of some kind.
The Gravatar service specializes in hosting profile avatar images and has a Terms of Service squad to "police" avatar content.
http://gravatar.com
By using the user's avatar url in your code you're actually making all your visitors visit that user's site as well. The user will be able to track who looks at the image and when.
This is pretty much how analytic tools works. By requesting a resource from a third party site, the third party can track your users.
I have a website that has a web page with a html5 video-tag, and the user can supply a URL, and it will play in the video-tag.
The webpage uses JavaScript commands that control the video-tag - for instance, it can pause the video, move to a different point in the video, etc.
It works fine with the cloud. Videos stored on Microsoft Azure can be used, for instance (Azure gives you a way to get a URL to any video on your cloud storage, and streams it too).
However, I have users that store videos on Google-drive, and also on Microsoft One-Drive.
From what I can see, I can play these videos, but only in a page (probably with Google's own player in it) on their site.
It seems that there is no way to get a URL to these videos that I can put in a video tag.
Without the ability to do that, I can't use the javascript commands that work with the html5 video-tag.
Is there any workaround?
Or am I missing something?
Thanks.
For playing videos that are stored in google-drive using your app:
you need oauth2 credentials to access the user's drive, but assuming you have the oauth part covered :
you can create a drive application as a google appengine app and deploy it in a part of your website.
enable the drive-sdk and set the open-url to your website (that you have verified)
-> basically this tells drive to redirect towards your website whenever the user clicks on the video (from his drive)
when drive redirects to your website a json file will be sent, you'll have informations such as fileId from there i think you can execute the method files().get() to retrieve the necessary information for you to play the video
I advise you to take a look at this course in codeschool.
I'm hosting images for client websites. I want them to be able to link to the images locally ie. www.myclient.com/clip1.jpg but have the image actually loaded from www.mysite.com/clip1.jpg. The idea is to provide security/anonyminity so the client doesn't have to reveal that they are using my service (through the images on my site).
Can this be done without editing .htaccess?
Thanks,
skibulk
If you don't want to reveal where the final origin is, then the image has to come from the server that you want it to appear to come from. A redirect will reveal the real origin.
You can proxy the images with with Apache directives, the equivalent for whatever non-Apache server is in use, or a server side script (written in the language of your choice that is supported by the server).
Just copying the images would probably be the most efficient approach though.
Need some help here :P
What im trying to do is simply get some data from an xml page located on a server.
However, the server first requires a username/password combination before i even get to see the xml content. What it does, is present a login form, that requires a user to provide credentials. Once the user hits the login, a js function is run, which logs the user in and then presents XML content to the user without ever redirecting the user to a different page.
So what im trying to ask is, is there a way (and if so, how) can i retrieve the XML of a page that first requires me to provide login details to the server?
Cheers
i'm assuming the XML data on the server is dynamic, otherwise you could simply copy and bundle the data into your own website - obviously.
i'm not sure of the nature of this data, but sometimes data can be accessed thru a website's backdoor, legally. you could try a quick search to see if this data is available publically, or even contact the data holder to find out for sure. in any case, you'll need to have a cross-domain policy file to access data that is not hosted on your own domain.
You cannot load variables or XML data
into a Flash movie from another
domain. For example, a Flash movie
loaded from
http://www.yourserver.com/flashmovie.swf
can access data residing at
http://www.yourserver.com/data.txt.
The text file is located within the
same domain as the SWF.
However, an attempt to load data from
http://www.NotMyServer.com/data.txt
will fail and no error messages are
displayed. The load action will cause
a warning dialog to appear.
Note: This security feature does not
affect Flash movies playing in
stand-alone projectors.
if the data is publicly available, there is probably a way to bypass this security restriction by using JavaScript and ExternalInterface to capture the data, but i'm not well versed with such routines.
this security restriction is not applicable to AIR applications.
more: Cross-domain policy for Flash movies