Hi I am currently observing a few sites for potential ideas. One thing I came across on one of the sites is how the source url of a video includes the timestamp in it. So for example, if I click on the link to view the video, the time that the server acknowledges the request is put into the actual video url (this can be seen when looking at the source code) - eg nameOfVideo_17062013_192145.mp4. Also this link is only valid for a short time before a new request and a new link is required. My question is, obviously the video only has one real source, but how is the website able to cover up the real source by one with a timestamp (which shouldnt be the real source as the time will always change and the location wont always change). This is assuming there is a cover up. Secondly, is it possible to find out the true location of a video? Unfortunatley I dont want to give links to these websites and discuss them here without the owners permission. As a programmer, I am interested in how this concept works. Thanks
how is the website able to cover up the real source by one with a timestamp
HTTP URLs are mapped on to resources by software. The resources could be files on the file system, or they could be generated on the fly. The mapping could be done by the HTTP server itself or it could be a program called by the HTTP server. There are many options for both.
An Apache configuration might look something like:
FastCgiServer /opt/bin/video_fastcgi.pl -processes 3 -initial-env VIDEO_CONFIG=/opt/etc/video/production
Alias /videos/ /opt/bin/video_fastcgi.pl/
Secondly, is it possible to find out the true location of a video?
The true location is a file on a disk somewhere. To access it you either need to be using the computer that is running the HTTP server or you need something to make it available over the network. There is no reason to assume that the HTTP server will make it available other than through the dynamic URL (and no way to find out what other URLs it is available at given a single example).
Related
I have question something similar to this question, I am using jwplayer for playing my videos. I have saved my videos in CDN. Due to some requirements, I have to save my subtitle first in cdn and then save both video file url and associated subtitle urls [eng, chinese, japanese etc] in DB.
When I make a Ajax call to retrieve the data in my JS file from PHP file. It is taking more time and it is causing performance issue.
I was wondering if there is any DB option in CDN, so that instead of saving those detail in my db I can directly save this info (associated subtitles of one video file) in CDN. since retrieving from CDN is much faster it will surely improve the performance.
CDNs just bring static information closer to the users, caching that information in points-of-presence (PoPs) around the globe. It is mostly done by web-servers sitting within those PoPs. So whatever you can't retrieve by HTTP GET will likely be a problem. For example, legacy protocol RTMP (also video) is supported by legacy CDNs (Level3/Akamai/EdgeCast), but not by newly formed Cloudflare/Cloudfront and so on, because it requires adds-on to web-server and clutters workflows.
Technically, any static database can be stored in a file, and the file can be cached by a CDN. But then, again, it would be your code that takes care of db->file->db metamorphosis. Therefore, if something is static, you don't really want to use database for it (to be future/CDN-proof). Subtitles are just text files, so let them be files in asset folders. I appreciate that high level architecture might be beyond your control here (due to specific ingesting system for instance), but then the answer is that you won't be able to do what you try, and resulting performance will suffer.
If you have the bucks you can look at Continuent.
http://www.continuent.com/solutions/pricing-and-services
In Imgur, you can input an image URL and a few seconds later, there's a thumbnail of the image. Or in Bing Search, you can (or used to) be able to view a thumbnail of the website in the search results before visiting it.
I would love to implement something similar for my website, but I can't wrap my head around on how it is done. Moreover, are there not security concerns? I'd imagine the servers have to at least download the website, render it and take a screenshot. What if it's a malicious website, and you download something malicious on your server?
A headless Web browser engine like PhantomJS can be used for this. See example on their wiki. Yes, it would be prudent to run this in some sort of a sandbox, feeding a queue of URLs into it, then taking the generated thumbnails from the file system.
While I don't know the internal workings of any of the aforementioned services, I'd guess that they download/create a local copy of the images and generate a thumbnail from that.
Imgur, as an image hosting service, definitely needs a copy of the image prior to being able to generate thumbnails or anything else from it. The image may be stored locally or just in memory, but either way, it must be downloaded.
The search engines displaying screenshots of the sites likely have services that periodically take a screenshot of the viewable area when the content is getting indexed, and then serve those screenshots (or derivatives) along with the search results. Taking a screenshot really isn't dangerous, so there's nothing to worry about there, and whatever tools are used to load/parse/index the websites will obviously be written with security considerations in mind.
Of course, there are security concerns about the data you're downloading, too; the images can easily contain executable code (such as PHP) in their EXIF data, so you need to be careful about what you do with the images and how.
Is there anyway to hide .swf path showing up from webpage?
you can use a php script something like getswf.php?name=flash.swf in your flash tags. Then create getswf.php script to respond with output of flash.swf file, and keep flash.swf file in a directory outside of public directory.
There may be ways to make it difficult to view. However, nothing you do can stop an intelligent adversary from using a tool like Fiddler to monitor web traffic and undo all your obfuscation.
I think this is a fairly pointless exercise. Any resource that gets sent to a browser, be it an image, sound, flash movie, even flv files loaded by the YouTube player, can all be saved to disk fairly easily.
As Justin mentions, Fiddler can achieve this easily.
As others answered it there are ways to do it using your script. If you are looking for a paid option check this out Media Vault.
Hiding the URL to the swf file might be quite a challenge but there are other things you can do if you're wanting to more closely protect the video/data being displayed by the swf.
I'll run through a couple of ideas in the order I think them most obfuscated with the least first. Bare in mind that most of these techniques merely make it harder to get to the information/video rather than making it impossible to obtain.
The main idea most sites tend to follow is that of having the swf as a player and the content in another file somewhere else, usually an flv or mp4 etc.
Add flv location through Javascript
This technique is as basic as it sounds. You have your swf player on the page and pass a new variable too it (such as 'file') with the location to the flv file using Javascript. If you're already loading your content with some kind of JS flash module then all the easier to begin implimenting.
Obfuscating flv location through XML
Another techniqe I've seen used quite recently is that of having an XML document as a paremeter to the swf player and then the flash player itself resolves the URL of the flv from a node in the XML. It's easy to get to the flv URL if you want to but it does make it that little bit harder.
Token access
This technique can be used in conjunction with any of the above two. You basically ensure that your flv files can only be accessed with the use of a special token otherwise the page returns a HTTP error. The token would be understood by the flash player and the server and upon the player making a request for the flv, a token must be included (usuallu the token itself is obfuscated in some way that it cannot be easily mimmicked through a simple GET request).
Domain access
Very similar to the above however in this case, the flv file will only be loaded when the requesting URL is a specific site. All other requests will be denied (such as directly hitting the flv location in your browser.
As stated above, none of these methods make it impossible to get hold of your flash material. If it's on the web (or any network for that matter), it's possibly a target. You'll usually find for most things that making it harder to obtain will deter a lot of those who would otherwise have been privy to downloading your content.
Completely hiding the URL to the swf
If your only criteria is to hide the URL then hiding it behind a URL rewrite is the best option I can think of.
Your swf might be at /location/flash/player.swf?file=summer.flv and then you could do a URL rewrite to something like /vacations/summer2011/.
This way the URL to the swf is completely hidden away and this should satisfy your desire to hide the swf path.
The answer is NO.
You may not want to believe it. but it is a fact. you can do all you like to obfuscate it. but the browser needs to find it. if the browser can find it so can anyone else.
A server side script that acts as a loader will hide the real path to the file, but to what purpose. the end result is the file is still available.
If you want a simple answer, so simple people can't find it then the people here have given you some suggestions. obfuscation is the best you can hope to achieve.
Alternately only allow approved users access to the file. that way they need to log in to get access to it. but if you want it available publicly then its well, public!
DC
I have an image that send to affiliate for advertising.
so, how can I find it out from my server the number of times that image been downloaded?
does server log keep track of image upload count?
---- Addition ----
Thanks for the reply.. few more questions
because I want to do ads rotation, and tracking IP address, etc.
so, i think I should do it by making a dynamic page (php) and return the proper images, right?
In this case, is there anyway that I can send that information to Google Analytics from the server? I know I can do it in javascript. but now, since the PHP should just return the images file. so what I should do? :)
Well This can be done irrespective of your web Server or Language / Platform.
Assuming the File is Physically stored in a Certain Directory.
Write a program that somehow gets to know which file has to be downloaded. Through GET/POST parameters. There can be even more ways.
then point that particullar file physically.
fopen that file
read through it byte by byte
print them
fclose
store/increment/updatethe download counter in database/flatfile
and in the database you may keep the record as md5checksum -> downloadCounter
It depends on a server and how you download the image.
1) Static image (e.g. URL points to actual image file): Most servers (e.g. Apache) store each URL served (including the GET request for the URL for the image) in access log. There are a host of solutions for slicing and dicing access logs from web servers (especially Apache) and obtaining all sorts of statistics including count of accesses.
2) Another approach for fancier stuff is to serve the image by linking to a dynamic page which does some sort of computation (from simple counter increment to some fancy statistics collection) and responds with HTTP REDIRECT to a real image.
Use Galvanize a PHP class for GA that'll allow you to make trackPageView (for a virtual page representing your download, like the file's url) from PHP.
HTTP log should have a GET for every time that image was accessed.
You should be able to configure your server to log each download. Then, you can just count the number of times the image appears in the log file.
I'm putting together a portfolio website which includes a number of images, some of which I don't want to be viewable by the general public. I imagine that I'll email someone a user name and password, with which they can "log-in" to view my work.
I've seen various solutions to the "hide-an-image" problem on line including the following, which uses php's readfile. I've also seen another that uses .htaccess.
Use php's readfile() or redirect to display a image file?
I'm not crazy about the readfile solution, as it seems slow to load the images, and I'd like to be able to use Cabel Sasser's FancyZoom, which needs unfettered access to the image, (his library wants a link to the full sized image), so that rules out .htaccess.
To recap what I'm trying to do:
1) Provide a site where I give users the ability to authenticate themselves as someone I'd like looking at my images.
2) Restrict random web users from being able see those images.
3) Use FancyZoom to blow up thumbnails.
I don't care what technology this ends up using -- Javascript, PHP, etc. -- whatever's cleanest and easiest.
By the way, I'm a Java Developer, not a web developer, so I'm probably not thinking about the problem correctly.
Instead of providing a link to an image. Provide a link to a cgi script which will automatically provide the proper header and content of the image.
For example:
image.php?sample.jpg
You can then make sure they are already authenticated (e.g. pass a session id) as part of the link.
This would be part of the header, and then your image data can follow.
header('Content-Type: image/jpeg');
Edit: If it has to be fast, you can write this in C/C++ instead of php.
Using .htaccess should be the safest/simplest method, as it's built in functionality of the webserver itself.
I do not know if it fits your needs, but I solved a similar poblem(giving pictures to a restricted group of people) by using TinyWebGallery, which is a small gallery application without database.
You can allow access to different directories via password and you can upload pictures directly into the filesystem, as TinyWebGallery will check for new dirs/pics on the fly. It will generate thumbnails and gives users possibility to rate / comment pictures (You can disable this).
This is not the smallest tool, however I thik it is far easier to setup than using apache directives and it looks better as naked images.
If you're using Nginx, you could use the Secure Link module.