3

I was recently given an interesting problem: to securely (or at least as securely as flash & silverlight) stream video using HTML5. First off, yes, I know that the HTML5 video tag out of the box cannot do this, but what I'm wonder is if there's ANY way to do this.

My first idea was to use the canvas tag and get the video data via AJAX, but every tutorial I've seen seems to say that you have to use a video tag (not AJAX) to get the video data for the canvas tag. Is this true, or could AJAX be used somehow? Has anyone tried this? Any ideas?

More generally, does anyone have any better ideas about how this could be done? Is there anyway to make this happen? Any ideas?

Dylan Karr
  • 3,304
  • 4
  • 19
  • 29
  • 1
    What do you mean by “secure”? What is the attack model? Are you are trying to solve the (inherently insoluable) Copy Protection Problem?. Whilst you can certainly download data, write a JavaScript video decoder and output it to a canvas, it's masses of work, very very inefficient, difficult to sync with audio, and still represents only a layer of obfuscation that doesn't solve the Copy Protection Problem. – bobince Sep 05 '13 at 10:47
  • It doesn't have to completely solve the copy protection problem, just make it as difficult as Silverlight or Flash. Basically, I'm just thinking about a sort of flash or silverlight video player, comparable with what Netflix has, implemented in HTML5 and javascript. – Dylan Karr Sep 05 '13 at 16:56

1 Answers1

2

HTML5 in itself do not have any support for secure connections.

You can stream video and anything else over a HTTPS SSL-encrypted connection. Nothing in your browser outside this is secure in any sense (though nowadays SSL seem to loose grips too...).

WebRTC (official page) (see here for WebRTC draft) will support encryption on connection but currently this technology is relative experimental and unstable (but available in both Chrome and Firefox normal versions).

That being said: for WebRTC to be able to negotiate peers securely this negotiation need also to happen on an encrypted connection which mean you would need SSL in any case as the direct connection is not established at this point.

My advice would be to keep it simple and stream video the traditional way with a SSL connection.

  • Experimental and unstable are just fine for my purposes right now. This is going to be a little proof of concept project, not a full blown site yet. – Dylan Karr Sep 04 '13 at 20:13
  • @DylanKarr just have in mind that negotiation (setup) between the peers need to also to be on an encryption connection before an connection takes place. SSL would be the way to go in both instances. –  Sep 04 '13 at 20:32
  • Also check out the MediaCodec and MediaCrypto extensions which do allow you to build a security model, though it's going to take some work while it's still this bleeding edge... – Offbeatmammal Sep 07 '13 at 00:16