We have a module in our project where there is an option of uploading mp4 videos , we are using html5 video tag player for playing the videos.
Problem we are facing is the privacy of the videos.At the time its very easy for the user to download our file either through right click save as video or by taking the url from the src of the video tag by inspect element.
To do so I have studied a lot, and got the idea about the blob url through youtube videos which are not accesible through anyway.
I tried to study about the blob-url, created one for my video url but still they are accessible and can be easily downloaded. Like youtube blob-url its not working.
I also studied this ques question first answer, through which i got the idea about youtube mechanism of buffering video and how the blob url shown in inspect element for youtube is a spoof.
Most importantly I want to know how can we spoof our website url so that no one can download it through inspect element. Is it possible for us to do so and how? Any link related to this please share with me.I have tried to study a lot but still missing something.
What mechanism actually youtube follow for creating blob url and to save its videos?
As your video has to arrive at the users device there is effectively no way you can stop a user intercepting and storing the file if they want to.
The typical solution to this problem is to encrypt the file and only share the key to the encrypted video with the people you want to view it. A 'bad' user can still download the video file but will not be able to play it back without the correct key.
How you get the key to the users can be very simple (you tell them it directly via some separate communication channel, like email) or more sophisticated using some sort of DRM approach.
DRM is controversial (see Firefox discussion at link below) but it is being baked into the standards with HTML5 EME (Encrypted Meida Extensions) so is becoming more mainstream. EME essentially allow a browser request a trusted (by the video producer) element in the browser/device to decode and play an encrypted video. See a good overview of EME at the second link below.
https://blog.mozilla.org/blog/2015/05/12/update-on-digital-rights-management-and-firefox/
http://www.html5rocks.com/en/tutorials/eme/basics/
Related
I created a web application using Java and html5. I have uploaded few videos in tomcat server war folder.Say my war file name is "web". Then my videos are inside /opt/Apache/WebApps/web/videos/sample.mp4".
I am using html5 video tag for playing the videos.Most of the video size is more than 100mb.
My video tag is like
<video src="/videos/sample.mp4"></video>
Whenever I played the video, automatically download inside our temp folder of my c drive. My system RAM size is 128mb. So when I watched two or more videos, suddenly PC gets struck due to less memory.
How to avoid this using jQuery, Java servlet,jsp
Base on my experience, you can't. But try to make it harder to download.
Browsers make grabbing too easy
Because that's what browsers were designed to do: Serve content - which means give the content to the user. To show you how easy it is, here's how I usually grab videos on virtually any video streaming site:
Prepare the network tab of your preferred browser debugger and let the video load. Then look for it in the loaded resources. Videos are usually streamed in .flv or .mp4, and audio in .mp3. When you spot the url, open a new tab/window and open the link there. The browser will then download the file.
Making it harder
Here are methods on making a grabber's life harder. Like I said earlier, these are not fool-proof methods, but can at least ward off skiddies.
Video to Canvas technique
Recently I came across this article from HTML5Doctor while researching motion detection in JS. This involves streaming your video via a , then with some JS, literally copy the video to a . Here's an example where the video is up front, while the canvas at the back get's fed with data from that same video.
Essentially, what you do is:
Predefine on the HTML or dynamically insert a to the DOM. This is the "player" that the user sees.
Dynamically create a video tag via JS, append it to the DOM hidden and give it a url to stream. This will be the video source for the canvas.
Then with JS, you periodically grab data from the you just created and draw it to the . With this step, the video gets fed to the canvas.
That's the very basic of the entire routine. Since your player is now the canvas and the true video hidden, you can try right-clicking all you want and save. Since the canvas acts like an image on the page, you can only save a shot of a frame that was displayed on the canvas. As for controls, JS has an API for controlling so you can create custom buttons and sliders.
However, if they know you are doing this, they will find your hidden video element, and you are screwed. This leads us to the next method that complements this front-end only technique, with aid from the server side.
Temporary resource urls
One thing you can do to prevent this method is to prevent the link from being reusable. Make the link disposable, temporary, one-time use only. Once the player loads using the disposable url, dispose of it. Make it unusable.
Similar to CSRF prevention, when a browser requests a page with your video, have it generate a random token and store it in some storage on the server side for later reference. At the same time, append it to the url of your video, something like this:
//we load some video with id 1234324 from your site using this url
//and the token generated on page load is appended as sid
http://yoursite.com/media.php?video_id=1234324&sid=a0s9d8a98a0d98asd09809wq0e9
Now when your player loads the video, it will use this url that carries the token. Have the server validate the token.
If it's good, stream the video and destroy the token from the server to avoid reuse. This essentially makes the url "one time use only". If an invalid token is used, return the appropriate headers as the response, like a 403 perhaps.
To add a bit more security, impose an expiry of the url by storing it's timestamp along with the token. Then compare the request timestamp with the stored timestamp if it's still within the "use window". Make this "use window" short enough to be used by the player on the page, but not long enough for a skiddie to grab that url and paste it into another tab/window/downloader.
I have a website that I put my videos/audios on it.
I use HTML5 and tag to show videos.
But videos/audios can be downloaded if client opens view source page and then copy the file address.
How can I disable downloading these files, I just want client to see videos/hear audios in the web page.
Many online video/audio services like Youtube disabled downloading videos by this way. How they did that? What is a working way to disable, or at least make this progress much harder?
Youtube encodes their video into the MPEG-DASH format, which plays back through byte streams via the browser's implementation of the Media Source Extensions API. See See more on Wikipedia.
You can do the same by encoding your video into MPEG-DASH files, then playing it back in your code through a library like dash.js. Watch how the dash.js player works live by checking out the DASH Reference Client.
I've encoded MPEG-DASH video using Sorenson Squeeze, but there are other encoders you could use.
And just to clarify... this will make downloading more difficult... but will NOT provide a real DRM solution. For that you need to check out EME.
MPEG-DASH seems like a nice solution but is definitely not perfect. There are many ways to bypass this and still being able to download the video. On the other hand putting a lot of effort in protection might not be worth it since people can always make screen recordings etc.
But if you still want to go for a more secure option you can try using
Encrypted Media Extensions i.e. with Amazon s3 cloud.
Would like to understand how AirBnb is able to load a 20MB background video file so fast on their homepage. After inspecting their homepage on WebPageTest, I noticed that the video did not show up in any of the downloaded resources, which made it score so high. When I've tried this tactic, via loading the video asynchronously via AJAX, the video still shows up on WebPageTest as a downloaded resource, but just after the DOM loads. So I'm really not sure how AirBnb is able to make this work. Does anyone have an idea?
AirBnb isn't doing anything special here. They're just starting playback of media using progressive download, which just means playback starts while the video is still downloading.
On their CDN, they have uploaded some fairly large MP4 files with two important characteristics:
The indexing information (MOOV atom) has been moved to the beginning of the MP4 file
The video is encoded in a format and codec that your browser supports
Because of these characteristics, all the site has to do is tell your browser to begin playing the source URL, and it will do the right thing: it makes a web request to the CDN and begins downloading the file. As soon as enough data has been transferred to start playback, it does so.
Finally, I can't say for sure why WebPageTest doesn't show you the video MP4s that are driving the video, but they are certainly there, and the URLs look like https://a0.muscache.com/airbnb/static/Xxxxx-X1-1.mp4. I suspect they're looking at your User Agent to decide which file to send you, and are not sending any video at all to bots like Google and WebPageTest.
You're not getting the real story through WebPageTest. Instead of relying on a third party to evaluate the page in their environment, you should watch the traffic you are actually being sent using Fiddler or the Network tab on Chrome Developer Tools.
I'm pretty new with Javascript but know it's capable of some amazing things. I recently got a Chromecast. Among other things it allows me to cast/stream any video or webpage to my TV when I click the Chromecast extension.
So, for example, I can load a video in my browser just by browsing to the file with the url like so: file://localhost/Users/username/Downloads/workaholics.s03e14.hdtv.x264-2hd.mp4. And when I click the Chromecast extension it plays on my TV.
I'd like to know if it's possible to create a playlist somehow for videos to be played this way. But I've read that, for security reasons, Javascript will not supply the path to a file, only the name. I was planning on letting a user browse through or drag and drop files to a playlist, and somehow play them back-to-back. I can't seem to figure out how to implement this. I was planning on getting the full paths to the videos added to the playlist and looping through them to play, but getting the full path is apparently not possible. If this is only run locally, with my local files, is there a workaround for something like this? Or anybody have other ideas?
Did anybody faced to problem when QuickTime cannot play streaming video and shows blue question mark instead or errors - 400 (Bad Request) and 10060 (Disconnected)? I have already tried to switch getting stream from UFP to HTTP protocol with custom port in QuickTime settings but this did not help.
And does anybody know where can i find streaming video using RTSP protocol just for testing, links to online streams (not downloaded trailers) are appreciating.
These links do not work for me due to issue mentioned above:
http://mac.sillydog.org/qt/mov/embed_stream.php
And here only last one works (among other streaming types) :
http://quicktime.tc.columbia.edu/users/iml/movies/mtest.html
Thanks, for any links and advices.
The best way I've found to get rtsp streams to play in a browser window is using Apple's own javascript. I've tried hard coding tags with exactly the same parameters, and the embed tags won't work, but the js will. The js file itself is called AC_Quicktime.js. Just google it and you should be able to find a link to it easily enough. Use the one from Apple's site to make sure that you're getting unmodified code. Load that in your HTML page, and in your body, insert this:
<script>
QT_WriteOBJECT(*url*,*width*,*height*,*ActiveX Version*,*parameter1*,*value1*,*parameter2*,*value2*,*parameter3*,*value3*);
</script>
This will draw the appropriate code in whatever container you place the script. ActiveX Version can be an empty string (''), and as many parameters as you like can be entered one after the other. Apple has fairly exhaustive documentation on their website for all their stuff.Apple Developer Connection.
Hope that was marginally helpful.
it appears that this was just a security issue and stream was stopped by private policy of Quick Time so to turn on the ability to play RTSP stream in Safari i needed to check some option in browser settings ...
http://www.niehs.nih.gov/news/video/help/