Video streaming solution?

classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

Video streaming solution?

Keith M. Rettig
One of my clients “streams” video from my server.  They are just .mp4 files.
They wrap the video in a simple Lasso [if] ; that is   [if:cookie:ctype=="member”]video here[else]”you are not authorized[/if]   to control access.
We know this isn’t secure in any real sense, but the wall is high enough to keep the low effort riffraff out.
I would like to make it more “secure”.  Not secure, just more secure. :)

Is there a way to use Lasso to obfuscate the URL that is pointing to the video?
        [I noted to my client that I could sign in, get the URL and then just download the video and share it]
        [this is a case of the wall not being very high but high enough]

I am using Apache on a MacMini for this customer with Lasso 9.3.3.  It is connected to a Filemaker Server (currently v16 but will be moved to v17 soon).

I have a bunch of spare MacMinis, so if there is a Mac-based video streaming server out there that someone feels like it would work for me, I would love to hear from you.
Doesn’t need to be too powerful; currently they serve hundreds of video views a year.  I would like to get them to a few thousand per year.

One idea I had;
Customer logs in.  Asks to “check out” video.
Filemaker Server uses BaseElements plug-in to log into FTP server and copies the source video into a special folder and gives it a unique filename.
Lasso returns the page to the customer and calls the very unique video URL (using the customer ID and some random GUID).
Files are deleted from the special folder after x hours.
Doesn’t stop the customer from downloading the file and sharing but makes it not possible to save the URL for sharing since the file goes away in x hours.

Thanks in advance for any better ideas.
Keith.

#############################################################

This message is sent to you because you are subscribed to
  the mailing list Lasso [hidden email]
Official list archives available at http://www.lassotalk.com
To unsubscribe, E-mail to: <[hidden email]>
Send administrative queries to  <[hidden email]>
Reply | Threaded
Open this post in threaded view
|

Re: Video streaming solution?

Kevin Bice
I would suggest that you look at the different types of accounts Vimeo offers. They offer ways to limit where a video is available as well a other options like password protection. Very inexpensive, and the streaming quality is unbeatable. That is what I have moved to this last couple of years, and it allows them to be totally non-branded too.
……………...
Kevin Bice
512.879.1653




> On Sep 11, 2018, at 7:46 PM, Keith M. Rettig <[hidden email]> wrote:
>
> One of my clients “streams” video from my server.  They are just .mp4 files.
> They wrap the video in a simple Lasso [if] ; that is   [if:cookie:ctype=="member”]video here[else]”you are not authorized[/if]   to control access.
> We know this isn’t secure in any real sense, but the wall is high enough to keep the low effort riffraff out.
> I would like to make it more “secure”.  Not secure, just more secure. :)
>
> Is there a way to use Lasso to obfuscate the URL that is pointing to the video?
> [I noted to my client that I could sign in, get the URL and then just download the video and share it]
> [this is a case of the wall not being very high but high enough]
>
> I am using Apache on a MacMini for this customer with Lasso 9.3.3.  It is connected to a Filemaker Server (currently v16 but will be moved to v17 soon).
>
> I have a bunch of spare MacMinis, so if there is a Mac-based video streaming server out there that someone feels like it would work for me, I would love to hear from you.
> Doesn’t need to be too powerful; currently they serve hundreds of video views a year.  I would like to get them to a few thousand per year.
>
> One idea I had;
> Customer logs in.  Asks to “check out” video.
> Filemaker Server uses BaseElements plug-in to log into FTP server and copies the source video into a special folder and gives it a unique filename.
> Lasso returns the page to the customer and calls the very unique video URL (using the customer ID and some random GUID).
> Files are deleted from the special folder after x hours.
> Doesn’t stop the customer from downloading the file and sharing but makes it not possible to save the URL for sharing since the file goes away in x hours.
>
> Thanks in advance for any better ideas.
> Keith.
>
> #############################################################
>
> This message is sent to you because you are subscribed to
>  the mailing list Lasso [hidden email]
> Official list archives available at http://www.lassotalk.com
> To unsubscribe, E-mail to: <[hidden email]>
> Send administrative queries to  <[hidden email]>


#############################################################

This message is sent to you because you are subscribed to
  the mailing list Lasso [hidden email]
Official list archives available at http://www.lassotalk.com
To unsubscribe, E-mail to: <[hidden email]>
Send administrative queries to  <[hidden email]>
Reply | Threaded
Open this post in threaded view
|

Re: Video streaming solution?

Marc Pope-2
Livestream.com also does that. Building a real video solution is a lot of work.

> On Sep 12, 2018, at 1:30 PM, Kevin Bice <[hidden email]> wrote:
>
> I would suggest that you look at the different types of accounts Vimeo offers. They offer ways to limit where a video is available as well a other options like password protection. Very inexpensive, and the streaming quality is unbeatable. That is what I have moved to this last couple of years, and it allows them to be totally non-branded too.
> ……………...
> Kevin Bice
> 512.879.1653
>
>
>
>
>> On Sep 11, 2018, at 7:46 PM, Keith M. Rettig <[hidden email]> wrote:
>>
>> One of my clients “streams” video from my server.  They are just .mp4 files.
>> They wrap the video in a simple Lasso [if] ; that is   [if:cookie:ctype=="member”]video here[else]”you are not authorized[/if]   to control access.
>> We know this isn’t secure in any real sense, but the wall is high enough to keep the low effort riffraff out.
>> I would like to make it more “secure”.  Not secure, just more secure. :)
>>
>> Is there a way to use Lasso to obfuscate the URL that is pointing to the video?
>>    [I noted to my client that I could sign in, get the URL and then just download the video and share it]
>>    [this is a case of the wall not being very high but high enough]
>>
>> I am using Apache on a MacMini for this customer with Lasso 9.3.3.  It is connected to a Filemaker Server (currently v16 but will be moved to v17 soon).
>>
>> I have a bunch of spare MacMinis, so if there is a Mac-based video streaming server out there that someone feels like it would work for me, I would love to hear from you.
>> Doesn’t need to be too powerful; currently they serve hundreds of video views a year.  I would like to get them to a few thousand per year.
>>
>> One idea I had;
>> Customer logs in.  Asks to “check out” video.
>> Filemaker Server uses BaseElements plug-in to log into FTP server and copies the source video into a special folder and gives it a unique filename.
>> Lasso returns the page to the customer and calls the very unique video URL (using the customer ID and some random GUID).
>> Files are deleted from the special folder after x hours.
>> Doesn’t stop the customer from downloading the file and sharing but makes it not possible to save the URL for sharing since the file goes away in x hours.
>>
>> Thanks in advance for any better ideas.
>> Keith.
>>
>> #############################################################
>>
>> This message is sent to you because you are subscribed to
>> the mailing list Lasso [hidden email]
>> Official list archives available at http://www.lassotalk.com
>> To unsubscribe, E-mail to: <[hidden email]>
>> Send administrative queries to  <[hidden email]>
>
>
> #############################################################
>
> This message is sent to you because you are subscribed to
>  the mailing list Lasso [hidden email]
> Official list archives available at http://www.lassotalk.com
> To unsubscribe, E-mail to: <[hidden email]>
> Send administrative queries to  <[hidden email]>

#############################################################

This message is sent to you because you are subscribed to
  the mailing list Lasso [hidden email]
Official list archives available at http://www.lassotalk.com
To unsubscribe, E-mail to: <[hidden email]>
Send administrative queries to  <[hidden email]>
Reply | Threaded
Open this post in threaded view
|

Re: Video streaming solution?

Mason Miller
In reply to this post by Keith M. Rettig
What about using sessionID’s and mod_rewrite?

setup a rewrite rule for something like /videos/sessionID/filename.


Pass the sessionID and filename as parameters to a file called something like streamer.lasso?sessionID=xdxxxx&filename=myfile.mp4

in that file check to see if the sessionID is  a current/valid session, if so use [File_Stream] <http://reference.lassosoft.com/LassoReference.LassoApp?[File_Stream]> to stream the video file to the client. If not, redirect to an error page. This way you can put the video files in a directory not available via the web server, but still stream to those with appropriate rights.

Mason

> On Sep 11, 2018, at 8:46 PM, Keith M. Rettig <[hidden email]> wrote:
>
> One of my clients “streams” video from my server.  They are just .mp4 files.
> They wrap the video in a simple Lasso [if] ; that is   [if:cookie:ctype=="member”]video here[else]”you are not authorized[/if]   to control access.
> We know this isn’t secure in any real sense, but the wall is high enough to keep the low effort riffraff out.
> I would like to make it more “secure”.  Not secure, just more secure. :)
>
> Is there a way to use Lasso to obfuscate the URL that is pointing to the video?
> [I noted to my client that I could sign in, get the URL and then just download the video and share it]
> [this is a case of the wall not being very high but high enough]
>
> I am using Apache on a MacMini for this customer with Lasso 9.3.3.  It is connected to a Filemaker Server (currently v16 but will be moved to v17 soon).
>
> I have a bunch of spare MacMinis, so if there is a Mac-based video streaming server out there that someone feels like it would work for me, I would love to hear from you.
> Doesn’t need to be too powerful; currently they serve hundreds of video views a year.  I would like to get them to a few thousand per year.
>
> One idea I had;
> Customer logs in.  Asks to “check out” video.
> Filemaker Server uses BaseElements plug-in to log into FTP server and copies the source video into a special folder and gives it a unique filename.
> Lasso returns the page to the customer and calls the very unique video URL (using the customer ID and some random GUID).
> Files are deleted from the special folder after x hours.
> Doesn’t stop the customer from downloading the file and sharing but makes it not possible to save the URL for sharing since the file goes away in x hours.
>
> Thanks in advance for any better ideas.
> Keith.
>
> #############################################################
>
> This message is sent to you because you are subscribed to
>  the mailing list Lasso [hidden email]
> Official list archives available at http://www.lassotalk.com
> To unsubscribe, E-mail to: <[hidden email]>
> Send administrative queries to  <[hidden email]>

Mason Miller

[hidden email]
https://www.listingstogo.com/

[hidden email]
https://www.sitewelder.com/

703-626-5532 cell



#############################################################

This message is sent to you because you are subscribed to
  the mailing list Lasso [hidden email]
Official list archives available at http://www.lassotalk.com
To unsubscribe, E-mail to: <[hidden email]>
Send administrative queries to  <[hidden email]>
Reply | Threaded
Open this post in threaded view
|

Re: Video streaming solution?

Kevin Bice
In reply to this post by Marc Pope-2
Vimeo is less per year than LiveStream costs for a month though. Really depends on your needs/demands.
……………...
Kevin Bice
512.879.1653




> On Sep 12, 2018, at 1:04 PM, Marc Pope <[hidden email]> wrote:
>
> Livestream.com also does that. Building a real video solution is a lot of work.
>
>> On Sep 12, 2018, at 1:30 PM, Kevin Bice <[hidden email]> wrote:
>>
>> I would suggest that you look at the different types of accounts Vimeo offers. They offer ways to limit where a video is available as well a other options like password protection. Very inexpensive, and the streaming quality is unbeatable. That is what I have moved to this last couple of years, and it allows them to be totally non-branded too.
>> ……………...
>> Kevin Bice
>> 512.879.1653
>>
>>
>>
>>
>>> On Sep 11, 2018, at 7:46 PM, Keith M. Rettig <[hidden email]> wrote:
>>>
>>> One of my clients “streams” video from my server.  They are just .mp4 files.
>>> They wrap the video in a simple Lasso [if] ; that is   [if:cookie:ctype=="member”]video here[else]”you are not authorized[/if]   to control access.
>>> We know this isn’t secure in any real sense, but the wall is high enough to keep the low effort riffraff out.
>>> I would like to make it more “secure”.  Not secure, just more secure. :)
>>>
>>> Is there a way to use Lasso to obfuscate the URL that is pointing to the video?
>>>   [I noted to my client that I could sign in, get the URL and then just download the video and share it]
>>>   [this is a case of the wall not being very high but high enough]
>>>
>>> I am using Apache on a MacMini for this customer with Lasso 9.3.3.  It is connected to a Filemaker Server (currently v16 but will be moved to v17 soon).
>>>
>>> I have a bunch of spare MacMinis, so if there is a Mac-based video streaming server out there that someone feels like it would work for me, I would love to hear from you.
>>> Doesn’t need to be too powerful; currently they serve hundreds of video views a year.  I would like to get them to a few thousand per year.
>>>
>>> One idea I had;
>>> Customer logs in.  Asks to “check out” video.
>>> Filemaker Server uses BaseElements plug-in to log into FTP server and copies the source video into a special folder and gives it a unique filename.
>>> Lasso returns the page to the customer and calls the very unique video URL (using the customer ID and some random GUID).
>>> Files are deleted from the special folder after x hours.
>>> Doesn’t stop the customer from downloading the file and sharing but makes it not possible to save the URL for sharing since the file goes away in x hours.
>>>
>>> Thanks in advance for any better ideas.
>>> Keith.
>>>
>>> #############################################################
>>>
>>> This message is sent to you because you are subscribed to
>>> the mailing list Lasso [hidden email]
>>> Official list archives available at http://www.lassotalk.com
>>> To unsubscribe, E-mail to: <[hidden email]>
>>> Send administrative queries to  <[hidden email]>
>>
>>
>> #############################################################
>>
>> This message is sent to you because you are subscribed to
>> the mailing list Lasso [hidden email]
>> Official list archives available at http://www.lassotalk.com
>> To unsubscribe, E-mail to: <[hidden email]>
>> Send administrative queries to  <[hidden email]>
>
> #############################################################
>
> This message is sent to you because you are subscribed to
>  the mailing list Lasso [hidden email]
> Official list archives available at http://www.lassotalk.com
> To unsubscribe, E-mail to: <[hidden email]>
> Send administrative queries to  <[hidden email]>


#############################################################

This message is sent to you because you are subscribed to
  the mailing list Lasso [hidden email]
Official list archives available at http://www.lassotalk.com
To unsubscribe, E-mail to: <[hidden email]>
Send administrative queries to  <[hidden email]>
Reply | Threaded
Open this post in threaded view
|

Re: Video streaming solution?

Jolle Carlestam-2
In reply to this post by Keith M. Rettig
I have not dealt with streaming video from Lasso and thus can’t speak of own experience. But I do share files securely. What I do in regards to file access is that I provide a link like mysite.tld/file/OWI5Yzc4NjAtNTRiZi00MGZhLWIwNjgtZGZkZDgyNDcyMTc3fHw1MDB8fEk/secretreport.doc

The web server (Apache) is setup to catch anything to /file/xxx and send it to Lasso. Apache uses FallbackResource directive for this:
        <Directory ”/path/to/site/file">
                FallbackResource file.lasso
        </Directory>

The targeted Lasso method grabs the URL and collects the first part after /file/. The last part, the actual file name, is only for cosmetic use to benefit the user. It is not used for the actual retrieval of the file.

The grabbed identifier is decoded into a GUUID and used to look for the file record in a file table. Using that information the security of the file is evaluated and checked that the user is allowed to see that particular file. If the check validates the file is served. If not, an error is returned instead with proper header adjustments making it a 422 error.

Files are stored in a protected directory that Lasso can access but not Apache. They are stored using the file record GUIID as file name. The original file name is only stored in the file table record and used to decorate the visible URL.


Now, to translate this to the requested need for video streaming. I would try to merge my file security model with Vimeos option to only provide videos to embedded external sites.
https://vimeo.com/blog/post/eyes-privacy-settings-share-your-videos-securely

I have not done it and can’t say it would protect the videos from any kind of tampering. But it could be worth a deeper examination.

In Lasso have a similar setup as I do for files. Provide a link like mysite.tld/video/OWI5Yzc4NjAtN/newlaunch.mov. Evaluate the id part of the URL and if validated present a page that embeds the video from Vimeo.
Should anyone share the URL it would still require them to login or whatever mechanism you have to identify a valid user.


I would NOT attempt to stream the video from my own server. Providing videos is a strain on server, connection and whatnot. Leave that to the pros.
It is also worth noting that Lassos method file_stream is no different from file_serve in Lasso 9. They are both wrappers to web_response->sendFile and will do the exact same thing. Thinking that you somehow help yourself and the user by using file stream instead of file_serve is as pointless as tossing coins in a well and hoping you’ll get married.

HDB
Jolle

> 12 sep. 2018 kl. 02:46 skrev Keith M. Rettig <[hidden email]>:
>
> One of my clients “streams” video from my server.  They are just .mp4 files.
> They wrap the video in a simple Lasso [if] ; that is   [if:cookie:ctype=="member”]video here[else]”you are not authorized[/if]   to control access.
> We know this isn’t secure in any real sense, but the wall is high enough to keep the low effort riffraff out.
> I would like to make it more “secure”.  Not secure, just more secure. :)
>
> Is there a way to use Lasso to obfuscate the URL that is pointing to the video?
> [I noted to my client that I could sign in, get the URL and then just download the video and share it]
> [this is a case of the wall not being very high but high enough]
>
> I am using Apache on a MacMini for this customer with Lasso 9.3.3.  It is connected to a Filemaker Server (currently v16 but will be moved to v17 soon).
>
> I have a bunch of spare MacMinis, so if there is a Mac-based video streaming server out there that someone feels like it would work for me, I would love to hear from you.
> Doesn’t need to be too powerful; currently they serve hundreds of video views a year.  I would like to get them to a few thousand per year.
>
> One idea I had;
> Customer logs in.  Asks to “check out” video.
> Filemaker Server uses BaseElements plug-in to log into FTP server and copies the source video into a special folder and gives it a unique filename.
> Lasso returns the page to the customer and calls the very unique video URL (using the customer ID and some random GUID).
> Files are deleted from the special folder after x hours.
> Doesn’t stop the customer from downloading the file and sharing but makes it not possible to save the URL for sharing since the file goes away in x hours.
>
> Thanks in advance for any better ideas.
> Keith.
>
> #############################################################
>
> This message is sent to you because you are subscribed to
>  the mailing list Lasso [hidden email]
> Official list archives available at http://www.lassotalk.com
> To unsubscribe, E-mail to: <[hidden email]>
> Send administrative queries to  <[hidden email]>


#############################################################

This message is sent to you because you are subscribed to
  the mailing list Lasso [hidden email]
Official list archives available at http://www.lassotalk.com
To unsubscribe, E-mail to: <[hidden email]>
Send administrative queries to  <[hidden email]>