Results 1 to 32 of 32
  1. #1
    Join Date
    Apr 2003
    Location
    Atlanta, Jawja
    Posts
    3,066

    Password protecting streams?

    I run a few Windows 2003 servers that do Video streaming. We've got problems with people getting the URL and pulling the streams on their own for free.

    What is the best way to password protect windows media streams? We only want the streams to be sent through another server and then displayed to the end user.

    Server A: Website that contains content.
    Server B: Windows Media Streaming server.

    We want the streams to only be viewable via either the username/password combo entered in on Server A...

    OR...

    To only allow streams to be delivered through a page sitting on Server A.

    What's the best way to do this?
    Douglas Hazard - Certifiable Sports Junkie and Sports Community Enthusiast

    Host of Two Cents Radio - Follow @TwoCentsRadio on Twitter (@BearlyDoug on Twitter)

  2. #2
    Join Date
    Apr 2003
    Location
    Atlanta, Jawja
    Posts
    3,066
    Still looking for guidance/help with this.
    Douglas Hazard - Certifiable Sports Junkie and Sports Community Enthusiast

    Host of Two Cents Radio - Follow @TwoCentsRadio on Twitter (@BearlyDoug on Twitter)

  3. #3
    Join Date
    May 2001
    Location
    Prince Edward Island
    Posts
    964
    I looked for about an hour, and could not find anything -- one would think that the Server software would have some kind of protection built into it --

    Should of an obfuscated URL or a password protected dir with expiring passwords, I cant think of anything.
    [url]I got nothing/url]

    For clarity's sake, don't use "<ip address of hostname>" use the ACTUAL 32-bit numeric IP address of the machine.

  4. #4
    HI, MikeM

    Why dont you password protect the directory ?

    Good Luck

  5. #5
    Join Date
    Apr 2003
    Location
    Atlanta, Jawja
    Posts
    3,066
    Guys, it's live streaming, there's no directory to password protect, it's done via ports to the live site.
    Douglas Hazard - Certifiable Sports Junkie and Sports Community Enthusiast

    Host of Two Cents Radio - Follow @TwoCentsRadio on Twitter (@BearlyDoug on Twitter)

  6. #6
    Join Date
    Jun 2001
    Location
    Denver, CO
    Posts
    3,301
    Jay Sudowski // Handy Networks LLC // Co-Founder & CTO
    AS30475 - Level(3), HE, Telia, XO and Cogent. Noction optimized network.
    Offering Dedicated Server and Colocation Hosting from our SSAE 16 SOC 2, Type 2 Certified Data Center.
    Current specials here. Check them out.

  7. #7
    Join Date
    Apr 2003
    Location
    Atlanta, Jawja
    Posts
    3,066
    Guys, you're giving me solutions that protects physical directories, not live streams, and that's what we need to protect.

    Stream URL: http://live.example.com/streamname
    Web page: http://www.example.com/private/main/livechat.php

    Basically, if the request isn't coming from the web page indicated above, I don't want the stream to work correctly. Right now, people can type in the stream URL manually and see the live video for free, bypassing the paid membership gateway. I want to force the stream to only function correctly when it's called up via the web page indicated.
    Douglas Hazard - Certifiable Sports Junkie and Sports Community Enthusiast

    Host of Two Cents Radio - Follow @TwoCentsRadio on Twitter (@BearlyDoug on Twitter)

  8. #8
    Join Date
    May 2001
    Location
    Prince Edward Island
    Posts
    964
    [url]I got nothing/url]

    For clarity's sake, don't use "<ip address of hostname>" use the ACTUAL 32-bit numeric IP address of the machine.

  9. #9
    Quote Originally Posted by Douglas
    Guys, you're giving me solutions that protects physical directories, not live streams, and that's what we need to protect.

    Stream URL: http://live.example.com/streamname
    Web page: http://www.example.com/private/main/livechat.php

    Basically, if the request isn't coming from the web page indicated above, I don't want the stream to work correctly. Right now, people can type in the stream URL manually and see the live video for free, bypassing the paid membership gateway. I want to force the stream to only function correctly when it's called up via the web page indicated.
    are these servers at different sites? or more specifically, can you insert a firewall between the 2?

    or even a software firewall on the server with the feeds to stream... if

    http://www.example.com/private/main/livechat.php

    has a static IP, you just have to tell the firewall on http://live.example.com/streamname to only allow incoming connections from that IP (for a given port range or service). you'd still want 3389 for you to manage it, etc. but this would work at blocking http requests from any IP other than the 'chosen one' (or chosen range, etc).

    think networking (not linux vs. windows)... i assume you've tried this, but just posting incase it helps

  10. #10
    Join Date
    Oct 2005
    Posts
    78
    What about changing the URL of stream every day or every 5 hours?

    I have one friend. He has a music online portal. And he has his URL of music changed every 2hours or manual whenever he wants. That way ppl still get your URL but those URL wont last long since they are chaanged often.

  11. #11
    Join Date
    Nov 2005
    Location
    Denver, CO
    Posts
    728
    I think most people are missing what he's asking. What Doug is looking for is that when someone clicks on

    http://www.sitename.com/media.xyz, rather than getting a file, they are presented with a login box that queries their credentials, i.e. uid and pw. That way someone can't right click on the file, save the stream header and post it on their website. note: saving the stream header only allows someone to point at your media from another website, it's not the actual "stream" they are saving. Point being, Doug want's to protect his bandwidth so that only authorized users can actually watch/listen to the stream they are providing.

    With that said, Doug, I know how to do it in Windows w/ the Media Server options in IIS6 but I have zero clue how to do it in *nix. I'm positive that it can be done in *nix OSes but having never run a media server of my own in that capacity, I'm clueless. I would check into Real Media not for their server, but because I'm sure they'd have resources that at a minimum briefly discuss how this is acheived on their platform. that could give you a basic idea on how this is accomplished and maybe lead you to another solution.

    DRM, unfortunately, only prevents replay when downloaded locally provided you don't have a license. This is what Napster uses with Windows Media. ITunes uses something similar but with their format. Anyways...

    http://www.flicks.com/videoquota/
    older piece of software, no experience with is because WMS10 has this built-in when used with IIS6. But it's along the lines of what you are looking for. Sorry I couldn't be more help.

  12. #12
    Join Date
    Apr 2003
    Location
    Atlanta, Jawja
    Posts
    3,066
    CiscoMike, that's EXACTLY what I need done. If it's at all possible, I'd like to force the Windows server (live streams get sent to/from this server) to use the u/p in .htaccess/.htpasswd on the Unix server.

    The Streaming server is using WMS.
    Douglas Hazard - Certifiable Sports Junkie and Sports Community Enthusiast

    Host of Two Cents Radio - Follow @TwoCentsRadio on Twitter (@BearlyDoug on Twitter)

  13. #13
    Join Date
    Nov 2005
    Location
    Denver, CO
    Posts
    728
    eww...<laughs>. I'm not aware of any collaboration schemes between IIS and apache (or httpd processes) that could take advantage of the .htaccess file. Again, I'm a bit ignorant on that piece. Running everything thorough IIS isn't a problem but it sounds like that's not what you're doing. Hopefully now that we have this cleared up someone else can chime in. This is obviously done and often at that. Take a look at any porn site out there (not literally). I know many of the media rich sites hosting the "messed up video of the day/week/month" are moving that way as well but alas, I'm a bit clueless on how it works in UNIX.

  14. #14
    Join Date
    Jun 2003
    Posts
    961
    what about this (idea might not work, or be stupid):
    win server streaming, linux server doing the authentication
    php script on linux server using http auth (http://www.php.net/manual/en/features.http-auth.php)
    if auth is ok, open a connection to the win server (stream) and output incoming data on that connection to the user
    this would bounce the streams thru a php script on the linux server
    not sure if any software would be able to play then tho

  15. #15
    Join Date
    Nov 2005
    Location
    Denver, CO
    Posts
    728
    that would work except that the windows URL would be accessable outside of authentication. To have the URL exposed someone (i.e. authenticated user) would have to post that URL outside of Doug's site but that would be a risk. However one could use user specific URLs and the via standard web logging one could see if the streaming media was being leeched.

    with the php part, after authentication was done, a simple redirect would be issued. Nothing too crazy there, and then WMP or media player of choice would open up. This isn't a clean solution though. Here's a another link Doug:

    example of using .qtaccess for MPEG4 / MOV streaming (aka Quicktime)
    http://kb.serverlogistics.com/idx/39/116/article/

    A quick google search keeps pointing back to VideoQuote (linked in my original post) for IIS use. Scary. One would think there would be more commercial solutions. I've seen a lot of discussion of using a cgi gateway to accomplish this as well.

  16. #16
    Join Date
    May 2002
    Location
    Moscow
    Posts
    1,490
    just as some idea. why not assign for each leave stream request own hash/session/temporary_filename and then just check their control sum and after this give access to file to visitor? Legitimate request will allowed, non-legitimate disallowed (just visitor don't know which file he can ask). Each request will create hash/session/temporary_filename and it will unique. Then, after visitor close his connection or just leave stream end, you will remove this file from disk. Should be easy realize in php...
    Rustelekom LLC Dedicated server since 2002, RIPE NCC member, LIR, AS51168

  17. #17
    Join Date
    Sep 2004
    Location
    Uk
    Posts
    422
    Quote Originally Posted by rustelekom
    just as some idea. why not assign for each leave stream request own hash/session/temporary_filename and then just check their control sum and after this give access to file to visitor? Legitimate request will allowed, non-legitimate disallowed (just visitor don't know which file he can ask). Each request will create hash/session/temporary_filename and it will unique. Then, after visitor close his connection or just leave stream end, you will remove this file from disk. Should be easy realize in php...
    I would go with this and also blocking all requests to the streams, unless being requested from server A.

  18. #18
    Join Date
    Apr 2003
    Location
    Atlanta, Jawja
    Posts
    3,066
    I really think that the best way would be to filter outbound requests on Port 80 to specific IP addresses, and to answer all inbound requests.

    The problem is that I don't know how best to do this.
    Douglas Hazard - Certifiable Sports Junkie and Sports Community Enthusiast

    Host of Two Cents Radio - Follow @TwoCentsRadio on Twitter (@BearlyDoug on Twitter)

  19. #19
    Join Date
    Jun 2003
    Posts
    961
    why not assign for each leave stream request own hash/session/temporary_filename and then just check their control sum and after this give access to file to visitor?
    so e.g. user A would request get.php?streamid=6d6d6s6s6sa, check if user is allowed to access with the session unique streamid (6d6d6s6s6sa), and then what? redirect him to the url with the live stream? i guess the stream is not a stored file, so how would you deliver it? if you just redirect to the real stream, its url would be exposed

    I really think that the best way would be to filter outbound requests on Port 80 to specific IP addresses, and to answer all inbound requests.
    win or *nix?

  20. #20
    Join Date
    Apr 2003
    Location
    Atlanta, Jawja
    Posts
    3,066
    The streams are done via port 80, sent from a Windows server and received via a page on a Unix server.
    Douglas Hazard - Certifiable Sports Junkie and Sports Community Enthusiast

    Host of Two Cents Radio - Follow @TwoCentsRadio on Twitter (@BearlyDoug on Twitter)

  21. #21
    Join Date
    Jun 2001
    Location
    Denver, CO
    Posts
    3,301
    Quote Originally Posted by Douglas
    CiscoMike, that's EXACTLY what I need done. If it's at all possible, I'd like to force the Windows server (live streams get sent to/from this server) to use the u/p in .htaccess/.htpasswd on the Unix server.

    The Streaming server is using WMS.
    Perhaps you could somehow manage this using something like this, then: http://www.troxo.com/products/iispassword/
    Jay Sudowski // Handy Networks LLC // Co-Founder & CTO
    AS30475 - Level(3), HE, Telia, XO and Cogent. Noction optimized network.
    Offering Dedicated Server and Colocation Hosting from our SSAE 16 SOC 2, Type 2 Certified Data Center.
    Current specials here. Check them out.

  22. #22
    Join Date
    Apr 2003
    Location
    Atlanta, Jawja
    Posts
    3,066
    Guys, I do appreciate ALL the help, but no one is getting what I'm trying to say...

    There is NO physical files on this, everything is done via streaming in REAL time, over http:// Push:* protocols. There are no physical files. Period. Nada. Zip. Zilch. It's done va a stream over a port.

    /me sighs
    Douglas Hazard - Certifiable Sports Junkie and Sports Community Enthusiast

    Host of Two Cents Radio - Follow @TwoCentsRadio on Twitter (@BearlyDoug on Twitter)

  23. #23
    Join Date
    Jun 2003
    Posts
    961
    The streams are done via port 80, sent from a Windows server and received via a page on a Unix server.
    so the unix server does send some html page which contains some java/activex applet/component to the client? and then the client does connect directly to the win box on port 80?

  24. #24
    Join Date
    Jun 2001
    Location
    Denver, CO
    Posts
    3,301
    Quote Originally Posted by Douglas
    Guys, I do appreciate ALL the help, but no one is getting what I'm trying to say...

    There is NO physical files on this, everything is done via streaming in REAL time, over http:// Push:* protocols. There are no physical files. Period. Nada. Zip. Zilch. It's done va a stream over a port.

    /me sighs
    Are you using IIS for the streaming, or some other streaming server? Have any examples, so we can see how this actually gets put together?
    Jay Sudowski // Handy Networks LLC // Co-Founder & CTO
    AS30475 - Level(3), HE, Telia, XO and Cogent. Noction optimized network.
    Offering Dedicated Server and Colocation Hosting from our SSAE 16 SOC 2, Type 2 Certified Data Center.
    Current specials here. Check them out.

  25. #25
    Join Date
    Nov 2005
    Location
    Denver, CO
    Posts
    728
    He's using Windows Media Server
    http://www.washington.edu/computing/...dowsmedia.html
    http://www.microsoft.com/windows/win...es/server.aspx
    http://www.microsoft.com/windows/win...webserver.aspx

    Doug, there is a "file" but it's not what a lot of people are thinking. WMP needs metadata or a description file to tell it what to do and to negotiate a codec and bitrate. Generally its a .asx file but we're talking something that's 500 bytes in size. The .asx file just tells WMP where to go for the stream (where there is no file) and the requirements to play the stream. There are other ways to accomplish this but that's the most common.

  26. #26
    Join Date
    Jun 2001
    Location
    Denver, CO
    Posts
    3,301
    CiscoMike - Thanks for the links, but I know perfectly well what Windows Media is I was just confused because he was talking about there not being a file, and streaming over HTTP (which this is not). In looking at my Windows Media server, the only type of built-in authentication I see that is able to protect the actual steams is to use Windows NTLM or Digest authenticaiton. However, I am also aware of this third party Windows Media Plugin: http://www.flicks.com/videoquota/
    Jay Sudowski // Handy Networks LLC // Co-Founder & CTO
    AS30475 - Level(3), HE, Telia, XO and Cogent. Noction optimized network.
    Offering Dedicated Server and Colocation Hosting from our SSAE 16 SOC 2, Type 2 Certified Data Center.
    Current specials here. Check them out.

  27. #27
    Join Date
    Nov 2005
    Location
    Denver, CO
    Posts
    728
    meh, what I failed to point out with those URLs is how the stream is accessed/activated and the pieces and parts used to do it all. And yes, that was my originaly suggestion was to use IIS auth but he's front-ending the media portion w/ Apache on linux it sounds like.

  28. #28
    Join Date
    Apr 2003
    Location
    Atlanta, Jawja
    Posts
    3,066
    Looks like I'm gonna have to build up a sample page to show what I need. ::growls:: As if I don't have enough to do right now, lol (damn server migrations!)
    Douglas Hazard - Certifiable Sports Junkie and Sports Community Enthusiast

    Host of Two Cents Radio - Follow @TwoCentsRadio on Twitter (@BearlyDoug on Twitter)

  29. #29
    heey i have the same problem here i stream aswell but need to password protect them as many users give url's out,
    but douglas what ive done is
    made a password protected page, you can get scripts for like if you have phpbb installed and use if as a forum you can get scripts so ppl who use their username/passwords to login they can use the same to view the apges once theyve logged in you can protect the page with html protector or anything else and put the media player on the site so all can view online, no1 will be able to copy it or find out the real link.
    and in the phpbb forum you can make a forum in it and only allow some users to see the topics inside it to go to the page.
    thats how ive done but still searching after sites where i can find out how to protect the live stream so people have to use username/password.

  30. #30
    Join Date
    Jun 2003
    Posts
    961
    you can protect the page with html protector or anything else and put the media player on the site so all can view online, no1 will be able to copy it or find out the real link.
    html protector? a tool "encrypting" the html content with javascript or something similar? if so, does not sound too secure to me, people could "decrypt" the content and fetch the link to the stream

  31. #31
    hmm is it possible to decrypt?
    lol
    but there are a little software called HTML Protector .. u open the page with it and choose what to do and press on encrypt and it will do it!

  32. #32
    Join Date
    Jun 2003
    Posts
    961
    this one http://www.antssoft.com/htmlprotector/index.htm?
    just used the trial version, encryption, protection scheme I and II and it does use
    <SCRIPT LANGUAGE="JavaScript">
    javascript to protect the page, so people can decrypt it (pretty easy) and your stream link will be exposed

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •