Secure Video Player for mojoPortal - Suggestions?

This forum is only for questions or discussions about working with the mojoPortal source code in Visual Studio, obtaining the source code from the repository, developing custom features, etc. If your question is not along these lines this is not the right forum. Please try to post your question in the appropriate forum.

Please do not post questions about design, CSS, or skinning here. Use the Help With Skins Forum for those questions.

This forum is for discussing mojoPortal development

This forum is only for questions or discussions about working with the mojoPortal source code in Visual Studio, obtaining the source code from the repository, developing custom features, etc. If your question is not along these lines this is not the right forum. Please try to post your question in the appropriate forum.

You can monitor commits to the repository from this page. We also recommend developers to subscribe to email notifications in the developer forum as occasionally important things are announced.

Before posting questions here you might want to review the developer documentation.

Do not post questions about design, CSS, or skinning here. Use the Help With Skins Forum for those questions.
This thread is closed to new posts. You must sign in to post in the forums.
11/17/2011 3:16:58 PM
IndigoTea
Gravatar
Total Posts 355
View Posts

Secure Video Player for mojoPortal - Suggestions?

All right, here's the deal; I've a client who is offering premium video tutorials; right now we're controlling access to the video files with the Shared Files feature, and role rights access, but the client would *really* like for the videos to play in the browser, not to be downloadable. Looks like I'm about to be writing a custom feature to support this; suggestions on approach, or requests for functionality?

[And Joe A.? That Membership add-on? Any time now... ;-) ]

11/18/2011 7:30:09 AM
Joe Audette
Gravatar
Total Posts 18439
View Posts

Re: Secure Video Player for mojoPortal - Suggestions?

A problem like that is a tough nut to crack. In order to see an image or play a video the file must be downloaded to the user machine so there is no way to avoid downloading it. Most solutions I know of involve using DRM in the video and assigning a ticket with an expiration or policy. I'm not up on the full breadth of available solutions but things like windows media does support that kind of thing but then you may get some platform limitations or require a custom player that enforces the DRM. Might be able to do it with a Silverlight video player or some googling may find other pre-made solutions. Typically the video file is going to be downloaded just like any other file that the browser requests but there are ways of making it not playable outside the player which can enforce the DRM.

Believe me I'm working on Site Membership Pro any chance I get, I'm eager to get it on the market, but my efforts are pulled in many directions. Probably within the next few months it will be ready.

Best,

Joe

11/18/2011 6:48:09 PM
IndigoTea
Gravatar
Total Posts 355
View Posts

Re: Secure Video Player for mojoPortal - Suggestions?

Joe,

Thanks for your observations. The biggest difference is downloading an intact file, vs. streaming it in a controlled manner (like YouTube). I've pretty much figured out the steps to implement a solution; just a matter of getting it approved and done.

I know you've got a lot going on; mojoPortal's becoming quite the formidable beast, and I'm not sure how you keep up with it all - but I'm very glad that you do!

11/20/2011 9:34:17 AM
Joe Audette
Gravatar
Total Posts 18439
View Posts

Re: Secure Video Player for mojoPortal - Suggestions?

My understanding of streaming is that it still is streaming to disk in the temporary files downloaded by the browser. Streaming just means that playback can start before the file is completely downloaded and one can save bandwidth by not downloading the entire file for a long video if the user only watches the first few minutes. With streaming it just has to download fast enough to keep ahead of playback or if it can't then it does buffering which is just downloading more in advance. Some streaming implementations can also adapt the quality of the video to the available bandwidth. When a user rewinds I'm pretty sure it is not going back to the server to get the parts of the video it already downloaded. 

I'm not aware of any way to secure video without DRM encoded into the video and enforced by the player. Of course my understanding and awareness may not be complete because its been a few years since I've been actively involved with streaming video.

Best,

Joe

11/20/2011 10:48:20 AM
Joe Audette
Gravatar
Total Posts 18439
View Posts

Re: Secure Video Player for mojoPortal - Suggestions?

I did some quick googling on this out of curiosity. The only kind of streaming that doesn't store a file on disk according to this article is known as live streaming or true streaming, but it doesn't support video on demand its only for live broadcasting where the video is only available during actual broadcast. This thread on stackoverflow also talks about ways of semi securing Flash without DRM that might inhibit casual users from getting the video but isn't really that much of a deterrent and even DRM is not entirely unbreakable but is much more secure.

Best,

Joe

11/20/2011 3:49:14 PM
IndigoTea
Gravatar
Total Posts 355
View Posts

Re: Secure Video Player for mojoPortal - Suggestions?

Joe,

I hear what you're saying, and I don't disagree; if someone is sufficiently motivated, they can peruse their cache, and find the files. The goal here is to

a) limit access to those files limited to people who've paid to access them, leveraging the rights/roles built into mojoPortal

b) allow those people with proper access rights to view the images "in browser" (yes, most likely streaming - these are *not* small files). I'll probably use a two-step approach, where the page containing the player calls the page that'll convert the video back to a playable format from storage; I'll know more once my quote's approved and I move forward with it.

I know that you believe in leveraging 3rd party resources such as YouTube, and when it's appropriate, I do, too. However, this is a revenue stream for this client, so the more I can secure the content *and* display it in the manner they've requested, the better I'm doing my job for them. That's the joy of creating custom solutions, after all, isn't it? 

I've already got something of the sort built into my MegaGallery plugin, so for me, it's just a matter of extending the approach for video; it's been a long time for me, too, but again, that's part of the fun of creating custom features. Yeah, I know, I'm a geek. cheeky

11/20/2011 4:30:36 PM
Joe Audette
Gravatar
Total Posts 18439
View Posts

Re: Secure Video Player for mojoPortal - Suggestions?

I know that you believe in leveraging 3rd party resources such as YouTube, and when it's appropriate, I do, too. However, this is a revenue stream for this client, so the more I can secure the content *and* display it in the manner they've requested, the better I'm doing my job for them. That's the joy of creating custom solutions, after all, isn't it? 

I never suggested that for this scenario, I only recommend that when appropriate myself.

You asked for suggestions about securing video, so I shared what I know about it. Of course how secure does it really need to be is what should decide how to implement it. If it just needs to be inconvenient to get the video file (which seems perfectly reasonable to me) then it will be an easier implementation than if it really really needs to be as secure possible. Inconvenient for a technical user or hacker is about equivalent to impossible for non technical users and that may be good enough security in some scenarios such as this one.

Best,

Joe

11/20/2011 4:37:22 PM
IndigoTea
Gravatar
Total Posts 355
View Posts

Re: Secure Video Player for mojoPortal - Suggestions?

Exactly! I'm actually looking forward to implementing it - time to switch back to that side of the brainmeats, they're getting a bit lazy. Write a little code, make pretty pictures...wink

12/15/2012 4:16:56 AM
Ken Van Gilbergen
Gravatar
Total Posts 27
View Posts
https://ict.ken.be
Hybrid coding since
the dawn of time.

Re: Secure Video Player for mojoPortal - Suggestions?

Hi IndigoTea,

Did you in the end succeed in implementing your solution? Where you able to combine it with the membership add-on?

If so are you willing to share your solution or help me on the correct way.

Thanks,

Ken

12/15/2012 4:54:57 PM
IndigoTea
Gravatar
Total Posts 355
View Posts

Re: Secure Video Player for mojoPortal - Suggestions?

Ken,

I ended up implementing a modified version of the Audio/Video plugin, which displays the video in a lightbox. It's not perfectly secure, but it's obfuscated enough that someone has to be pretty determined to grab the videos directly, and have the correct access privileges to the storage folder itself.

The Membership Pro plugin works perfectly with the mojoPortal integrated rights and roles, so that's an absolute win. This feature is a great revenue generator for your clients who have premium video content such as webinars, etc.

12/19/2012 1:55:05 PM
Ken Van Gilbergen
Gravatar
Total Posts 27
View Posts
https://ict.ken.be
Hybrid coding since
the dawn of time.

Re: Secure Video Player for mojoPortal - Suggestions?

Hi, thanks for the quick reply. A pitty you worked around it, cause I really need it to be not reachable, will figure it out and post once I come to it. 

I bought the premium membership addon... it's something I already have for other sites but this way I didn't have to convert all my code to mojo. And I finally had the opportunity to support a bit all off joe's work.

Cheers,

You must sign in to post in the forums. This thread is closed to new posts.