[thelist] Amazon S3 for serving video: restricting permissions

Joel Canfield joel at bizba6.com
Sat Aug 29 14:51:09 CDT 2009

> Are you asking how to implement the Query String Auth?  Or how to have
> better control over what can be fetched?
> Seems like a reasonable solution -- don't cache the web page and
> generate URLs to Amazon with a life of only a few seconds or so.
I'll try to clarify: I'm putting my longer videos (FLV format) at S3 instead
of YouTube. Partly because YouTube has a length limit, partly because these
are for our members only.

The only ways I know to embed a video in a web page include exposing the URL
of the video file itself. I don't want to risk the possibility of
uncontrolled ad hoc bandwidth charges from Amazon.  I want to know that
someone watching the video is a paying member, which offsets my costs.

Now, HOW I do that, I really don't care. Query String Auth seems like the
tool they've provided, but I just plain don't understand their examples:
sure, I now have an HTTP connection. Okay, I'm a simple web developer, I
don't know what to DO with that HTTP connection.

If there's another *definite* method (obfuscation won't do) then that's
fine, too.

Thanks again; I really appreciate the continued feedback.


More information about the thelist mailing list