Quote:
Originally Posted by ottopottomouse
Never got an answer. |
fuck sorry!!
nope (they will never guess the location and "grab it") - the secure token is only used during the handshake between client and server. You can not prevent the end user knowing the stream/URL or where the content lies but...
1. You should be checking access levels/permissions before you diss up the page that contains the movie embed URL
2. The movie should *never* be accessible from a web server by a direct call
3. eg rtmpe url:
rtmpe://stream.domain.com/members/big_tits_n_ass/01/movie.mp4
tells the streaming server that the application to use (the one that checks for secure token, referrer, memberlogin credentials if supplied) is called "members"
this calls the application-specific config file which states where to find the files (NTP mounts no problem)....
Lets say, your apache root is /var/www and your streaming server's application "members" says content is stored in /content
stuff in /content is only available to the streaming server, not apache. The streaming server will look for the file:
/content/big_tits_n_ass/01/movie.mp4
and stream it - apache can't even touch it.
No way should the movie content directory be accessible from apache - only the streaming server, which already requires lots of paramters to be filled in (see point 3 of OP) before it will even start streaming....