可以将文章内容翻译成中文,广告屏蔽插件可能会导致该功能失效(如失效,请关闭广告屏蔽插件后再试):
问题:
Is it possible to protect flv files from download? I'd like to protect my files from download but I don't have the money for a streaming server which I think provides some sort of protection. The files are streamed via PHP and are located in an upload folder on my server.
I've used PHP to ensure that only subscribers can view the video but I basically want to go a step further and prevent subscribers from, upon login, downloading my videos with downloaders such as Sothink Flv Downloader for Firefox.
回答1:
I fully agree with the DRM consensus of other answers. But would like to add...
There are a couple of obfuscation techniques that may meet you needs. "Good enough", as they say. These aren't full proof mechanisms, but very well may prevent 80%-99% of people trying to copy your FLV
streams/files. A dedicated hacker will get to it, but most folks are just script kiddies (or their FireFox plug-in loving cousins.) Plus, some of these techniques are really easy:
- Change/remove the MIME type the server is responding with. Flash players blissfully ignore it anyway. E.g.: image/jpeg
- Change the file extension from .flv to something else, like .jpg. Again, Flash players blissfully ignore it anyway. Additionally, once the file is saved to disk, a non-FLV player will open it (and complain about it being an invalid file format.)
- Set aggressive 'don't cache' headers for all your
FLV
content. (This, naturally, means more traffic and bandwidth consumed. Maybe this is not an issue for you?)
- Stream over UDP-based protocols (like RTSP). While my read is that UDP protocols are on the way out for large scale streaming of on demand content, it is much more difficult to copy. E.g.: Real Downloader cannot currently pilfer these streams.
- Break up content into two or more pieces of partial content, and play them back to back.
- Hide your FLV content behind a simple, custom one-time authentication mechanism
- Player requests authorization key for content A
- Server returns an authorization1 key: SHA1(content key + salt1)
- Server stores content key, authorization1 key, authorization2 key (which is SHA1(authorization1 + salt2))
- one time use
- limited validity (E.g.: 2 seconds)
- Player creates authorization2
- Player requests content a with authorization2
- Server sends ´FLV´ content to client if and only if
- authorization key matches to content key in server side store
- authorization key has not expired
I've actually implemented that last idea, the authorization mechanism, myself and can vouch for it's practical effectiveness. No, it is not totally secure. But it is good enough. Not even a power users is capable of beating it.
Defeating it requires
- reverse engineering the process,
- decompiling your Flash player,
- putting it all back together again.
Good enough.
It is amazing how many "plz sends me teh codez" emails this post has generated from the "simple, custom one-time authentication mechanism" suggestion. Don't bother, I can't--it was for a proprietary project for my employer, xtendx AG. If interested in purchasing the system, email sales@xtendx.com.
回答2:
There is no way to add DRM protection (i.e. encryption) to static FLV files - anyone who knows the URL can simply download them, or (in some cases) get them out of their browser's cache, and then play them in any supporting player. (However, you can probably prevent people from embedding your content in other sites - google "Hotlinking protection".)
Streaming your FLVs can be done for free with OSS like Red 5. This doesn't offer "DRM" protection per se, but it does send the video in a file stream, so there is no single file for the user to download and save. It's still possible for the user to capture the file with certain programs, but it's much more inconvenient.
As for "real" DRM, the only solution I'm aware of is Adobe Flash Media Rights Management Server. I've never used it, but apparently it will stream DRM-encrypted FLV or MP3 content, and enable you to apply the usual sorts of DRM restrictions.
回答3:
You can't. Any effort or money that you spend chasing DRM will be a waste of resources that you could have put into improving your product. Put your logo and URL into the videos, so that anyone copying them is advertising your site, put a copyright notice into the videos and sue anyone who you catch copying your content illegally, and call it a day.
回答4:
The short version is that DRM (in any form) is an arms race, If I can play it, I can steal it. The only question is how hard is it.
Personally, I don't think DRM is a good idea. In the long run, it's not going to help because people who steal it, will steal it no mater what you do and those who don't will be inconvenienced by it even so.
http://xkcd.com/488/
That said, stealing it is also not a good idea and you should have the right to control what you produce. (However I don't know how to do that)
The only answers I can think of for this are: 1) start selling something that can't be stolen or 1) make it easier to buy then steal. The first amounts to Pandora-for-fee/Netflix-for-music (but with something like a CC license on major label songs). The second isn't even a music industry problem but a financial industry problem; how to make online payments easy and safe for both side without screwing over either the buyer or the seller.
回答5:
Have you thought about hosting your video on Amazon S3? you can set urls for your videos to expire so that the link to the video will only be valid for certain period of time. This doesn't prevent anyone from getting the video from their cache once it has downloaded nor does it prevent other ways such as using Orbit downloader, or RealPlayer video downloader but it would prevent hotlinking.
I agree with comments that this is an arms race and a strategy for video delivery that accepts that people do want to download videos to share or copy to other devices etc and tries to live with it will probably be the most successful and pain free. Watermark, embed links to your site, try to capitalise on the increase in the number of eyeballs watching your video as a result of being downloadable.
回答6:
sites like youtube try to make it difficult to download their videos by obfuscating the flash and also changing the structure every so often. As others have said it is an arms race. Youtube updates their structure and then tools like pytube have to also update.
回答7:
Have a look to this analysis from Longtail.
It starts with a golden rule:
Anyone who can watch your video can steal your video.
And it ends up with a really nice series of security concerns and prevention techniques.
回答8:
Make a seperate site for your content. Configure web server app settings for 2nd site ("content server") to intercept requests for any static content (your videos, pictures, whatever) so you can do a check for a permissions cookie for each requested piece of content to check if theyve been validated and granted access to that piece of content or not.
回答9:
No protection can beat a simple use of WireShark + NetMiner.
Period.
Oh and by the way, about youtube, if you use Chrome check out this extension:
http://hosting.gmodules.com/ig/gadgets/file/113621719436589749332/ZiTube.crx
It just creates a download button under youtube videos ;)