Prevent downloading videos in temp folder while watching videos in web browser - javascript

I created a web application using Java and html5. I have uploaded few videos in tomcat server war folder.Say my war file name is "web". Then my videos are inside /opt/Apache/WebApps/web/videos/sample.mp4".
I am using html5 video tag for playing the videos.Most of the video size is more than 100mb.
My video tag is like
<video src="/videos/sample.mp4"></video>
Whenever I played the video, automatically download inside our temp folder of my c drive. My system RAM size is 128mb. So when I watched two or more videos, suddenly PC gets struck due to less memory.
How to avoid this using jQuery, Java servlet,jsp

Base on my experience, you can't. But try to make it harder to download.
Browsers make grabbing too easy
Because that's what browsers were designed to do: Serve content - which means give the content to the user. To show you how easy it is, here's how I usually grab videos on virtually any video streaming site:
Prepare the network tab of your preferred browser debugger and let the video load. Then look for it in the loaded resources. Videos are usually streamed in .flv or .mp4, and audio in .mp3. When you spot the url, open a new tab/window and open the link there. The browser will then download the file.
Making it harder
Here are methods on making a grabber's life harder. Like I said earlier, these are not fool-proof methods, but can at least ward off skiddies.
Video to Canvas technique
Recently I came across this article from HTML5Doctor while researching motion detection in JS. This involves streaming your video via a , then with some JS, literally copy the video to a . Here's an example where the video is up front, while the canvas at the back get's fed with data from that same video.
Essentially, what you do is:
Predefine on the HTML or dynamically insert a to the DOM. This is the "player" that the user sees.
Dynamically create a video tag via JS, append it to the DOM hidden and give it a url to stream. This will be the video source for the canvas.
Then with JS, you periodically grab data from the you just created and draw it to the . With this step, the video gets fed to the canvas.
That's the very basic of the entire routine. Since your player is now the canvas and the true video hidden, you can try right-clicking all you want and save. Since the canvas acts like an image on the page, you can only save a shot of a frame that was displayed on the canvas. As for controls, JS has an API for controlling so you can create custom buttons and sliders.
However, if they know you are doing this, they will find your hidden video element, and you are screwed. This leads us to the next method that complements this front-end only technique, with aid from the server side.
Temporary resource urls
One thing you can do to prevent this method is to prevent the link from being reusable. Make the link disposable, temporary, one-time use only. Once the player loads using the disposable url, dispose of it. Make it unusable.
Similar to CSRF prevention, when a browser requests a page with your video, have it generate a random token and store it in some storage on the server side for later reference. At the same time, append it to the url of your video, something like this:
//we load some video with id 1234324 from your site using this url
//and the token generated on page load is appended as sid
http://yoursite.com/media.php?video_id=1234324&sid=a0s9d8a98a0d98asd09809wq0e9
Now when your player loads the video, it will use this url that carries the token. Have the server validate the token.
If it's good, stream the video and destroy the token from the server to avoid reuse. This essentially makes the url "one time use only". If an invalid token is used, return the appropriate headers as the response, like a 403 perhaps.
To add a bit more security, impose an expiry of the url by storing it's timestamp along with the token. Then compare the request timestamp with the stored timestamp if it's still within the "use window". Make this "use window" short enough to be used by the player on the page, but not long enough for a skiddie to grab that url and paste it into another tab/window/downloader.

Related

How to embed videos with a customized player and automatic transcoding?

I need to embed videos into my web application and have the following requirements:
The videos need to be automatically transcoded into different
resolutions
Playbackspeed needs to be selectable
Needs to work on mobile
I need to modify the player
The videos need to be uploadable by non software developers => user interface for video upload and management
The problem with embedding a video from a platform is that you usually have to use an iframe to do this. However if the iframe is from another domain, I don't have access to its content and therefor can't modify the player, because I can't access the video element residing in the iframe.
The modifications I need to make are the following:
Put markers at specific cuepoints in the timeline
Pause the video at the cuepoints
Display some additional information below the video when the cuepoint is reached
The only possible solution, that I found so far, is hosting a platform myself on a subdomain of my web applications domain and adjust the code of that platform to set the document.domain property to the domain of my web application. That way I would be able to access the video tag that is inside the iframe provided by the platform. The things that I don't like about that solution is that I would prefer not to host the platform myself and it would also be nice if I wouldn't need to modify the platform.
You can use video tag provided by HTML5.
<video>
<src = "your src here">
</video>
firstly create video according to all the resolutions and store it
then change the src for different types of resolutions using javascript web API
var videoplayer = document.getElementsByTagName("video")[0];
videoplayer.src = "new src here according to the resolution"
playback speed can also be changed using the same way
videoplayer.playbackRate = "value according to the user"
Here is an example for looking on modifying the videoplayer.
You can detect the speed of the user using javascript and render the source of video accordingly.
If you dont want to download anything to check the network speed then have a look at how to implement adaptive starting experience of video using service-worker.

Best practices for loading videos on a web page?

Would like to understand how AirBnb is able to load a 20MB background video file so fast on their homepage. After inspecting their homepage on WebPageTest, I noticed that the video did not show up in any of the downloaded resources, which made it score so high. When I've tried this tactic, via loading the video asynchronously via AJAX, the video still shows up on WebPageTest as a downloaded resource, but just after the DOM loads. So I'm really not sure how AirBnb is able to make this work. Does anyone have an idea?
AirBnb isn't doing anything special here. They're just starting playback of media using progressive download, which just means playback starts while the video is still downloading.
On their CDN, they have uploaded some fairly large MP4 files with two important characteristics:
The indexing information (MOOV atom) has been moved to the beginning of the MP4 file
The video is encoded in a format and codec that your browser supports
Because of these characteristics, all the site has to do is tell your browser to begin playing the source URL, and it will do the right thing: it makes a web request to the CDN and begins downloading the file. As soon as enough data has been transferred to start playback, it does so.
Finally, I can't say for sure why WebPageTest doesn't show you the video MP4s that are driving the video, but they are certainly there, and the URLs look like https://a0.muscache.com/airbnb/static/Xxxxx-X1-1.mp4. I suspect they're looking at your User Agent to decide which file to send you, and are not sending any video at all to bots like Google and WebPageTest.
You're not getting the real story through WebPageTest. Instead of relying on a third party to evaluate the page in their environment, you should watch the traffic you are actually being sent using Fiddler or the Network tab on Chrome Developer Tools.

prevent html5 video from being downloaded through inspect element

We have a module in our project where there is an option of uploading mp4 videos , we are using html5 video tag player for playing the videos.
Problem we are facing is the privacy of the videos.At the time its very easy for the user to download our file either through right click save as video or by taking the url from the src of the video tag by inspect element.
To do so I have studied a lot, and got the idea about the blob url through youtube videos which are not accesible through anyway.
I tried to study about the blob-url, created one for my video url but still they are accessible and can be easily downloaded. Like youtube blob-url its not working.
I also studied this ques question first answer, through which i got the idea about youtube mechanism of buffering video and how the blob url shown in inspect element for youtube is a spoof.
Most importantly I want to know how can we spoof our website url so that no one can download it through inspect element. Is it possible for us to do so and how? Any link related to this please share with me.I have tried to study a lot but still missing something.
What mechanism actually youtube follow for creating blob url and to save its videos?
As your video has to arrive at the users device there is effectively no way you can stop a user intercepting and storing the file if they want to.
The typical solution to this problem is to encrypt the file and only share the key to the encrypted video with the people you want to view it. A 'bad' user can still download the video file but will not be able to play it back without the correct key.
How you get the key to the users can be very simple (you tell them it directly via some separate communication channel, like email) or more sophisticated using some sort of DRM approach.
DRM is controversial (see Firefox discussion at link below) but it is being baked into the standards with HTML5 EME (Encrypted Meida Extensions) so is becoming more mainstream. EME essentially allow a browser request a trusted (by the video producer) element in the browser/device to decode and play an encrypted video. See a good overview of EME at the second link below.
https://blog.mozilla.org/blog/2015/05/12/update-on-digital-rights-management-and-firefox/
http://www.html5rocks.com/en/tutorials/eme/basics/

is any way to get image data from canvas, drawed from remote video?

I use html5 video tag to play video.
Then I use canvas element to draw video frame.
Video is from remote source.
There is no problem to draw frame. But there is problem to get image data from canvas. I want to get image data to make img element or to send data to server for creating image, but it is not possible, because operations with canvas are insecure.
When I use video from same domain, there is no problem.
Only one way, that i have found - is to make script on server, which get remote video and output it, and us this script like source for video element. But it is not very good idea, because it makes additional overload for server.
I am not sure that i have understood properly articles about using "cross-origin"? I think server, where remote video is located, has to send headers like: "Access-Control-Allow-Origin: *" , but if I don't have access to that server, for example I want to user youtube video, there is no ability to execute to do it?
The simple answer is, no, unfortunately.
It can't be done if you don't have access to the remote server to allow cross-origin use, or can ask the administrator of that site (which is very little likely to happen with a site like YouTube).
Generally, you can try to request cross-origin use by supplying the crossOrigin attribute:
<video ... crossOrigin="anonymous">...</video>
If it's allowed you will see data when you get the image data.
Solutions
One is to copy the video to your own server and stream it from there.
Two, use a proxy server or script as you already tried with your server.
And yes, both cases will impact traffic on your server (and there is a possible legal aspect to this regarding copyright etc.)
Sorry, no way around it.

How can I provide a 1 minute preview of a live flash video stream using Javascript?

I have a site that is streaming live videos, and I want to offer a one minute free preview to users before they pay for a stream. I am using JW Player - I was thinking of triggering a timer when the play button is clicked, and then removing a div containing the player once the timer is finished. I am already using jQuery on this page.
What methods can I take to secure this? Is there another way to do this - I am using a CDN so server-side is somewhat limited.
It's not possible to build a secure 60-seconds-only preview of the full video that way; the only way to be sure that no one could exploit the javascript code and see the entire video is to create a separate video file of 60 seconds only and to play that one instead of the real full video.
This is so because the javascript code is run on the client and it would be pretty easy to disable, edit it or, even simpler, to spot the URL of the full version of the video in the code.
Moreover it's better to protect the download of the full video file checking that every HTTP request made to download it corresponds to a user who has paid for it.
Unless you're using proper streaming (eg RTMP), the whole file will be accessible for direct download by users with access to this pseudo-preview. To properly limit access, you'll want to either implement streaming and limit the free stream server side, or use a one minute file and a protected full video.
To solve this I used JW Player's events to fire a setTimeout call for 60 seconds later. I then hid the player and popped up a modal jQuery UI dialog over the screen. It's not particularly secure but is sufficient for my needs.

Categories