I want to grant access to audio files for some group of people - now in the browser but in future in Ionic / Cordova app as well. But Access to them will be after authentication and I want to protect against downloading them.
What will be the best way to do it?
put files to some service for audio files - similar to youtube?
streaming from server - I use PHP?
use flash app?
Thanks for any solutions,
Similarly, to video files you can't prevent someone form downloading a file if you want to stream it to their device.
Ultimately, the file has to get to the device and there are many ways to store it even if you try to make it hard.
The usual approach to take is to DRM protect the files - this is commonly used by the paid music services.
Audio DRM is a little different from video, because most devices do not have a secure media pipeline for audio, which means it is a little less secure.
Ultimately, all these measures are hurdles and detergents - it generally ends up being as much a business solution as anything. If the user perceives that the cost is not too high for the service, or is low enough not to bother circumventing, then they are more likely to use it legitimately.
Related
I need to build a web based video player. Something like coursera/udemy. I would like to know the following.
Where we can store videos (Blob,Db..etc)?
Say I uploaded video in Blob storage. How can I make sure nobody is able to download this videos?
What should be an ideal video streaming architecture(BE+FE) if I am expecting 500 concurrent users?
Do I really need to build a video streaming Back End or I can simply use services like vimeo to get this done?
I inspected how Udemy is doing, i could find the following. It looks like they are using some blob to store videos. But when I tried to access this directly it says I cannot. How this works?
There can be no way to protect your video from a determined sophisticated hacker. In the very worst case, they can record the video from their screen using a iPhone.
You can learn more about blob: URL e.g. here. The bottom line: it's a browser-side object, it's not to store videos.
You definitely can use streaming services, but this will even further reduce your control. OTOH, it's not worth your effort to develop some new streaming architecture if you only expect 500 concurrent streams.
We are currently looking at porting a enterprise silverlight application over to html5. The major roadblock that we have hit is the ability to open files from the user's local disk. Currently they have a document library which just links to files on their computer that they can open from within the app and view or print out. All that I read is that you can only access the local sandbox of the web app with the html5 file api's. We want to load these files from code.
Does anyone know of any workarounds to this?
Thanks
There is no way for html5 to access local file without user selection. But FSO: FileSystemObject works for IE and MAYBE could be regarded as a work around. But still there are some requirements to meet.
It is possible to use chrome's filesystem API to access files on a users local filesytem. So you'd have to be willing to make this a chrome only application.
Using java you can create a "Signed" applet which has access to the local filesystem. (if the applet is signed you can request filesystm permissions)
then there is a tutorial for accessing methods of your java code directly from javascript here: http://docs.oracle.com/javase/tutorial/deployment/applet/invokingAppletMethodsFromJavaScript.html
you should be able to perform something similar from silverlight.
There is no workaround in pure HTML5/Javascript. You need the use of plugins, such as Java or Silverlight (maybe you shouldn't port it after all). As for workarounds, HTML5 gives you an easy way drag and drop multiple files that you could transfer on the server and then display back to your users. Another workaround would be to install a custom agent (a software with only a tray icon) that would send the information about the current user "document library" to server and then again, you could display it back to the user.
Note: I've heard somewhere that browsers will eventually stop supporting plugins. http://www.howtogeek.com/179213/why-browser-plug-ins-are-going-away-and-whats-replacing-them/
Ya, I agree with Markain. However, if you were to limit your audience solely to chrome users, I daresay, you would most likely use some of your users. If Huazhihao is right, then your number of leaving customers should decrease but users who regularly use firefox won't be happy. Overall, I think that this will not work. Otherwise, there would be too many websites that trashed your hard driver (or at least wherever you have the rights to edit/delete files). I think it would be best if your product was setup to synchronize the file whenever an internet connection was detected and a change was made to the file. That way the user would not need to visit the website whenever the file was uploaded. If this is some kind of an error file, then it would be most beneficial if you were to make a link in the application that when clicked, would upload the file to the website and the website were to do whatever was necessary. If this is a purely online thing, then I don't see what business you would have looking through other peoples' files =-). Hope I helped!
I was able to successfully encrypt and decrypt the videos using AES encryption. It worked good for smaller videos while for the bigger files it gave us the memory out/Overflow exception. Is there a better way to safe guard the video files where only my application can have the access to it.
I am using this library "node-forge"
How are Video streaming apps like Netflix and Amazon prime are securing the videos locally, which are accessible only through their apps. If they are decrypting the whole file, how is the process so fast?
I was just wondering if we can just corrupt the file and de-corrupt while converting to base-64 ?
EDIT:
This is a E-learning application where videos are accessed through SD Card securely. These Videos should be secured and can be played in only our app.
You need to design your security measures based on your requirements which is a very complex process and you need to consider a lot of details. In one hand you need to design a suitable protocol for your application, and in the other hand you should try to make it secure.
As suitability of design, for example, you need to consider how you are going to playback your video or how much disk/memory you have. In cases like Netflix which they playback video while downloading, they they probably use streaming modes of encryption algorithms. But As I said, without understanding complete design of your application, suggesting encryption methods is somehow unethical.
Update:
If a simple encryption is what you need, I suggest you to use a streaming method(like CTR). In this case, you can decrypt your content on-fly rather than completely decrypting your files first. But you need to feed this content into your player. This may be a little problem if you have not written your own player. I did this once by hooking file read/write APIs and did similar thing that you need, so it is possible.
As you have said that you have successfully encrypted the smaller video files with AES, i will suggest you to break down your all files into small chunks (for example 512kb/1Mb parts file1.part1 or even give custom names so your app only knows which is part 1,2 and so on) and then encrypt each. During the decryption process decrypt each one after other to get the whole file or if you can create custom player do this on-the-fly.
I tried using Dropbox links in my cache manifest, but it didn't work.
I tried NOT using cache manifest and simply:
<audio src="dropbox url" autoplay="true"></audio>
It doesn't play the sound either. If I point src to a file within the project or on the hard disk, it works. Are there any free services for hosting such things?
I don't know of any free and legal services for hosting audio content. I'd recommend looking into cloud-based storage options (AWS S3, Rackspace Cloud Files, et cetera). They typically have a cost based on the amount of files you have stored and the amount of data transfer per month.
You should be able to use external URLs in your cache manifest. However, it may be possible the URL you're trying to use has response headers that prevent it from being used in such a way.
You mean something simple and FREE that provides 100gb storage and 100gb traffic with ftp-access?
See sites like http://www.100gb.co/. There are a lot more of those kind of services, just USE GOOGLE! Think about it.. what kind of $%^&* would pay anno 2012 ?!?
You could also use services like sound-cloud. The main difference is that you don't link to the bare *.mp3 file anymore, but to a flash file.
Warning: just make sure you legally own the stuff you post. For instance, when I rip the albums from our band and post them online, I can do so, I co-wrote/own the material. It's just like taping: mp3 can never sound as good as the real full cd. Impossible.
Good Luck!!
We are in process of building conceptual model of web-based audio editor. And the first trouble we met is client-side caching system. In my opinion as server-side programmer having huge cache on client side is perfect idea, because in many cases it takes of server load by excepting multiple loading of the same data. Furthermore such cache could be good candidate for buffer for providing per-track operations, like filtering.
Our flex programmer says that this is a great trouble and it is impossible in almost any cases. But I am in great doubt, cause I know that actual Google Chrome browser version can simple keep up to 2 Gb in localStorage. Moreover I've found this example of online track-editor and looks like its caching mechanism working pretty good.
Is it possible to cache some data (smth about 100-200mb) on the client side using flash and js?
You can use SharedObject to store the data.
I am pretty sure that default size limit is too low for your needs, so your app will need to ask user to accept your new limit:
http://www.macromedia.com/support/documentation/en/flashplayer/help/help06.html
SharedObject is more reliable than the browser cache, and you control it from your app.
If you are using html5 then you can store large data on client side using html5 inbuilt database.
also refer this link
What we did when writing a video editor. Well, actually, in Flash you can save files to the user's machine, with the restriction that it must be transparent to the user (i.e. the user initiates the action, goes through the OS dialog and saves the file as they would normally save anything they download), similarly, you can load in a file from a user's computer, with the restriction that the user must initiate the action (as in by clicking with a pointing device or pressing a key).
This has certain advantages over different local storage strategies, which are mostly opaque to users (people don't usually know how to erase cookies, SharedObjects or web storage that comes with more modern browsers, but they are pretty much capable of saving and deleting the files on their system). Furthermore, all other opaque local storages may have restrictions that less savvy users might not know how to overcome / may not be possible to overcome in general - these would be size, location and ownership.
This will still be a bit of hindrance for your audience, because every time they need to save a file, they have to go through the OS's dialog, instead of doing Ctrl+S / Cmd+S / C-x C-s... But given all other options, this, IMO, leaves the user with the most choices / delivers best experience.
Another suggestion - you could, in principle, come up with a browser-based "enhanced" version of your application, which users would install as a browser plugin (if that's an editor they are using on a regular basis - why not?), in which case you wouldn't be limited to the clumsy options provided by web technologies. Chrome and Mozilla-based browsers encourage such development, however it's not standardized. Still, since these two browsers run on virtually any OS, that doesn't sound particularly as locking in your users into a certain platform...