This is a message.

Obfuscate your video location

The Secure Streaming plugin provides a way to protect your media files from being directly downloaded from your server or from being “leeched” by other sites.

The Secure Streaming plugin is compatible with the Wowza media server and with lighttpd's mod_secdownload module. If you don't use lighttpd or Wowza you can also implement the required server-side functionality by using PHP, Java or some other server-side programming language.

Features

NOTE: This plugin does not work in conjunction with the bandwidth detection, bitrate selection, and clustering plugins.

Secure Streaming With Wowza

The Wowza Media Server supports secure streaming out-of-the-box. It also has the added benefit over HTTP that you cannot see the requested video URL using commonly used browser debuggers such as Firebug. This example uses the Wowza streaming server together with our secure streaming plugin.

The Secure streaming plugin and Wowza server perform a handshake. This guarantees that only those clients that have access to the secret token are able to stream videos from the Wowza server.

For details about this setup consult its demo page.

Configuration

property / datatypeDefaultDescription

token

null

The shared secret known by the server and the client only. If you really want to keep this secret consider acquiring a custom build.

timestamp

null

The current timestamp. This is number of milliseconds since January 1, 1970, 00:00:00. For example Java's System.currentTimeMillis() return this value.

timestampUrl

null

If you load the player on demand or don't have the possibility to calculate this on the page you can supply an URL used to request for a timestamp.

More protection

This plugin has a default token value that should be kept secret so that it is known only by the server and Flowplayer. This applies when using both Wowza or HTTP. As explained here we can do a lot by just making the media links to expire - this can be accomplished using the timestamp that is part of every request URL generated by this plugin. Just by making the links expire we prevent most of the inline linking activity.

To get more security you can compile the token value into the plugin SWF. To do this you will need to edit the TOKEN value in the sources of this plugin, and then compile the plugin SWF. See here for more information on how to develop and compile plugins.

If you need a custom Secure Streaming plugin where the shared secret is compiled in, drop us a line at info@flowplayer.org. We will compile you a custom plugin with the secret compiled in, the price of this service is 150.00 $ (or 110 €).

Download

flowplayer.securestreaming-3.2.9.swf

just the working flash file to get you going

flowplayer.securestreaming-3.2.9.zip

working flash file (swf) + README.txt and LICENSE.txt

flowplayer.securestreaming-3.2.9-src.zip

source code

Please right-click and choose "Save link as..." (or similar)

Note: For XSS security reasons Flash plugins must be located at and loaded from the same domain as the core player flowplayer-3.2.18.swf.

This is a Flash plugin, and its features are therefore not available on iOS. For iOS please consult the ipad plugin.

See the version history for this tool.

Found a bug?

If you encounter problems with this script, please turn to the Flowplayer Flash plugin forum with a link to a minimal sample page (no extra html, css, javascript) demonstrating the issue.