1

I'd like to stream video via HTML5 (Flash is not really an option for wide device support) but protect the video as much as possible from download. One method I am looking at is streaming from CloudFront using signed URLs with a short expiry, e.g. 2s. This starts the progressive download and plays OK and prevents manual download of the video (outside of the cache) after the expiry. I could also write some JavaScript to deal with seeking to unbuffered regions, e.g. regenerating the URL via an AJAX call to a PHP backend, or maybe even trigger on a 'stalled' event?

Does this solution hold any weight security-wise or is it better to e.g. stream via PHP?

1 Answer

0

An old question but just in case it is still being asked: obfuscating or hiding URLs does not actually stop a valid authorised user from downloading, storing and sharing the video.

Ultimately, if the video can be played on the device then it can also be stored with some fairly basic techniques.

The usual approach is to accept that the video will be downloaded, but to encrypt it so that anyone without a valid key won't be able to play it.

The usual way to securely share the key only with authorised users is via a DRM system.

If you are happy with a lower level of protection for your particular content you can use an open or clear key approach, using HLS or DASH as the streaming protocol - see this answer for more info:

Mick
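
The clear-key approach mentioned in the answer above, sketched as an added example (not code from the original post or from any project it refers to): HLS AES-128 encrypts each segment so the files themselves can sit on any CDN, and protection reduces to who may fetch the key. The function names, the `keys.example.com` URI and the segment bytes are constructed for illustration.

```javascript
// Added example: HLS AES-128 "clear key" segment protection, Node built-in crypto only.
// All names, URLs and segment bytes below are constructed assumptions.
const crypto = require("node:crypto");

// When EXT-X-KEY carries no IV attribute, HLS uses the segment's media
// sequence number as a 128-bit big-endian integer.
function ivFromSequence(seq) {
  const iv = Buffer.alloc(16);
  iv.writeBigUInt64BE(BigInt(seq), 8);
  return iv;
}

// Each segment is encrypted whole with AES-128-CBC and PKCS#7 padding.
function encryptSegment(plain, key, iv) {
  const c = crypto.createCipheriv("aes-128-cbc", key, iv);
  return Buffer.concat([c.update(plain), c.final()]);
}

// What a player does once it has fetched the key from the EXT-X-KEY URI.
// Returns null when padding is invalid, the usual result of a wrong key.
function decryptSegment(enc, key, iv) {
  try {
    const d = crypto.createDecipheriv("aes-128-cbc", key, iv);
    return Buffer.concat([d.update(enc), d.final()]);
  } catch (err) {
    return null;
  }
}

// Media playlist: segments can be public; only keyUri needs access control.
function buildPlaylist(keyUri, segmentNames, firstSeq) {
  return [
    "#EXTM3U", "#EXT-X-VERSION:3", "#EXT-X-TARGETDURATION:6",
    `#EXT-X-MEDIA-SEQUENCE:${firstSeq}`,
    `#EXT-X-KEY:METHOD=AES-128,URI="${keyUri}"`,
    ...segmentNames.flatMap((n) => ["#EXTINF:6.0,", n]),
    "#EXT-X-ENDLIST",
  ].join("\n");
}

// Constructed demo: one fake MPEG-TS packet (188 bytes of the sync byte 0x47).
const key = crypto.randomBytes(16);
const segment = Buffer.alloc(188, 0x47);
const encrypted = encryptSegment(segment, key, ivFromSequence(7));
console.log(buildPlaylist("https://keys.example.com/video1.key", ["seg7.ts"], 7));
console.log("with key:", decryptSegment(encrypted, key, ivFromSequence(7)).equals(segment));
const wrong = decryptSegment(encrypted, crypto.randomBytes(16), ivFromSequence(7));
console.log("wrong key recovers video:", wrong !== null && wrong.equals(segment));
```

Because the key reaches an authorised player in the clear, this only keeps out clients that cannot fetch the key, which is the lower level of protection the answer describes.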