[thelist] Amazon S3 for serving video: restricting permissions

Mohan Arun L marun2 at gmail.com
Sat Aug 29 12:48:59 CDT 2009


>>close, but playing with their demo, I can't see any way to embed video with
it, which is the challenge. which, maybe, I didn't mention earlier. sorry.

They have this on the web page:
"The S3Downloader also has the functionality of
Allowing you to directly display html and
streaming media files without a download dialog box"...

>>obfuscation always looks to me like a call for cracking. I need to protect
the original file. it's unlikely anything will ever happen, but if some bot
started repeatedly downloading one of these 45-minute videos, I could rack
up thousands of dollars in charges at Amazon pretty quick. I can't afford
the risk.

I guess you need custom programming, since my best bet is that this is
not part of the standard S3 REST API.
Probably choose a one-time token from a list of tokens in the
database, pass this token to a script that validates the requester
(real visitor username/pass+browser+IP combination), marks it as
'used' in the database so the same token can't be used again, then
takes the video file, renames that file with this token, then streams
it for viewing. With every view, the filename will keep changing, so a
bot can't practically get at the video, but a real visitor
can.

>>but that's no clearer than the Amazon tutorials.
http://developer.amazonwebservices.com/connect/thread.jspa?messageID=96679&#96679

It is kind of easy to understand the flow of the sample code - code
creates HTTP headers (esp. the Expires: headers) and accesses the file
- most likely your code will look very similar - what language are you
using? PHP or Python?

>>what I really need is a clearer, simpler Querystring Auth tutorial.
http://blog.cloudberrylab.com/2009/07/amazon-s3-security-how-to-protect-your.html
scroll down until you come to the part about webinars. There are two
links to jumpclix, but if you click on either of them, the
"s3flowshield" prevents you from accessing the videos - so you may
want to actually check out the s3flowshield product. ($97)
You could ask the author of this article on twitter if he still has
the notes: http://twitter.com/WilsonMattos

A search in the S3 developer forum for "protect video", at a cursory
glance, shows some pertinent threads:
http://developer.amazonwebservices.com/connect/search.jspa?objID=f24&q=protect+video



-----------------------------------------------
http://mohanarun.com/29-aug-2009/
-----------------------------------------------
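
The Querystring Auth flow discussed in this message (sign the request together with an expiry time, then give the visitor a link that stops working after it), as an added example that is not part of the original post. It uses the S3 signing scheme of that period (HMAC-SHA1, later called Signature Version 2); the bucket, object key and credentials are constructed placeholders, and `verify_url` is a local stand-in for the check the service makes.

```python
import base64
import hashlib
import hmac
import time
from urllib.parse import parse_qs, quote, urlsplit

# Constructed placeholder credentials; real keys stay on the server, never in a page.
ACCESS_KEY = "AKIAEXAMPLEEXAMPLE"
SECRET_KEY = b"constructed-secret-for-illustration"


def _signature(secret, resource, expires):
    # String to sign for a plain GET in the legacy scheme:
    # verb, Content-MD5, Content-Type, Expires, canonical resource.
    string_to_sign = f"GET\n\n\n{expires}\n{resource}"
    digest = hmac.new(secret, string_to_sign.encode("utf-8"), hashlib.sha1).digest()
    return base64.b64encode(digest).decode("ascii")


def sign_url(bucket, key, ttl_seconds, now=None):
    """Return a GET URL for a private object that expires after ttl_seconds."""
    expires = int(now if now is not None else time.time()) + ttl_seconds
    path = "/" + quote(key)  # percent-encode spaces etc., keep "/"
    sig = quote(_signature(SECRET_KEY, f"/{bucket}{path}", expires), safe="")
    return (f"https://{bucket}.s3.amazonaws.com{path}"
            f"?AWSAccessKeyId={ACCESS_KEY}&Expires={expires}&Signature={sig}")


def verify_url(url, now=None):
    """Local stand-in for the per-request check: not expired, signature matches."""
    parts = urlsplit(url)
    params = parse_qs(parts.query)
    bucket = parts.netloc.split(".")[0]
    try:
        expires = int(params["Expires"][0])
        supplied = params["Signature"][0]
    except (KeyError, ValueError):
        return False
    if (now if now is not None else time.time()) > expires:
        return False  # link is past its lifetime
    expected = _signature(SECRET_KEY, f"/{bucket}{parts.path}", expires)
    # Constant-time comparison; Expires and the object path are both covered
    # by the signature, so editing either one invalidates the link.
    return hmac.compare_digest(expected, supplied)
```

Issue the link only after the visitor has been authenticated, and keep the lifetime short so a copied link stops working quickly. Current S3 signs such links with Signature Version 4 (presigned URLs); the expiry idea is the same.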


