Quote:
Originally Posted by McFly85
My host set me up with Lighttpd pseudo streaming for mp4s in my member site but I have a security concern and question for anybody who might be using it. Streaming works with jwplayer but since my content is protected with htaccess you can copy and paste the location of my file from the html page source into a browser and download my mp4s without logging in.
The file location variable includes port :81 and since Lighttpd doesn't support htaccess the mp4 will download without any security blocking it.
Just curious if anyone using Lighttpd knows of a solution to prevent this security hole?
|
Two solutions,
1) Install mod_h264 and mod_flv into apache and just stream using apache behind your htaccess
2) Setup mod_secdownload in lighttpd to make protected downloads links