View Single Post
Old 02-19-2009, 10:54 AM  
Big E
Registered User
 
Industry Role:
Join Date: Mar 2002
Location: San Diego, CA
Posts: 935
You do realize that you can access the videos directly (bypassing the PHP scripts):

http://www.yoursite.com/protected/secret/video1.wmv
etc.

And you do realize that all the redirections will reveal the "secret" directory, right?

It would take someone reasonably technical about 7 seconds to figure this all out, and then they would hot link directly to the "secret" videos and you'd continue on thinking you're "protected". (sigh)

One suggestion - you could serve up the thumbs/videos through the PHP script, but that's got its own problems.

You need to look into a token system that's built into Apache -- *not* PHP, which only protects HTML/PHP files, does not protect content. Note: this does not require any special software to do.

(hint: mod_rewrite and cookies)
Big E is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote