1

I offer a subscription service where users pay $9/month to access 100's of videos. Earlier my videos were uploaded on Wistia and they had a feature of domain access - so only if the videos were accessed from my domain - they would play. If anyone copies the embed code and tries to access it - the video will not play.

I am now in the process of migrating the videos to Google Cloud storage.

The current setup is as follows

  1. Have created a public access bucket in Google and uploaded all the videos
  2. Copied the public access mp4 URL of each video and stored in the database.
  3. When a paid user logs in and accesses the video, the URL is passed on to flowplayer which plays the video.

Issue

Since the Google bucket has public access - the mp4 URL's can be accessed and shared easily. A user can pay $9 for the first month and then view source of the page and get the URL of the mp4 file and download all the 100's of videos and can distribute them freely or upload them on youtube.

Possible Solutions

  1. Can something be done at Google Storage to prevent this. To my earlier question, signed URL's were suggested but they do not resolve this issue. Is there any other option of ACL or CORS that makes the videos secure so that they play only on my website or provide some other form of prevention.

  2. Can something be done programmatically. My site is built on PHP. Can URL's be masked or made difficult to access via source code.

  3. Can something be done through flowplayer. I believe they also have paid versions. Do they provide any form of access security.

I realize if people want they can find numerous tools to download the videos - all I want to do is not show the direct link to mp4 file in the view source code.

Thanks

Gublooo
  • 2,550
  • 8
  • 54
  • 91

1 Answers1

2

If you make the videos public and offer them via their public access urls then there is no way to restrict access to the no-longer-paying users while still allowing access to paying users. From Making Data Public:

Note: When an object is shared publicly, any user with knowledge of the object URI can access the object for as long as the object is public.

So to achieve what you want you need to either:

  • stop making your videos public. Use any of the Access Control Options best fits your case. Signed URLs are a good choice. You use your own desired access logic (like checking your domain, for example) to condition the signed URL generation.

  • NEVER publish the public access urls. Use the same access control options as above. Signed URLs are effective, but only if you use them, not the public access URls as you do now. Note: not sharing the public urls doesn't ensure they can't be guessed and leaked (accidentally or intentionally), thus potentially bypassing any access control you may have in place (see security by obscurity). Might as well drop the shared public access. Signed URLs can be used for uploads as well (if that's your concern).

It's not impossible to have your own access control method (which is what you're hinting at #2, I think) or a 3rd party one (your #3). But the above note applies in both cases - they can be bypassed if the videos are publicly shared. So why bother?

Dan Cornilescu
  • 39,470
  • 12
  • 57
  • 97
  • 1
    Hi Dan - thanks for your detailed post. No the idea is not to keep them public - my current production videos are on wistia that provide domain access. I've moved a few videos to Google storage and experimenting. I've been playing around with Signed URL's but I'm only able to pass a time limit for the URL to be active. But that does not help because even if I keep the URL active for 10 mins (egs) - that is sufficient time for anyone to view the source and copy the URL and download it. You mentioned adding logic like checking domain - can you explain how that can be done. Appreciate your time. – Gublooo Feb 11 '19 at 04:14
  • 1
    What I meant was to use the domain logic when generating the signed URLs, one for each video play request (even if for the same video). But indeed, once the signed URLs is out anyone having it can access the object until the link expires. – Dan Cornilescu Feb 11 '19 at 05:17
  • 1
    Thanks Dan - I'm passing the signed URL to flowplayer. If I keep the expiry time too low then the video does not get buffered - if I keep the expiry time high - then it gives enough time to download. Trying to find the right balance. Thanks – Gublooo Feb 11 '19 at 06:01
  • I am facing exactly the same issue as you Gubloo, did you finally find a solution to this problem? – Lawrence O Jul 15 '20 at 23:39
  • in addition to the signed url I think you could set cors to allow GET only from an specific domain https://cloud.google.com/storage/docs/gsutil/commands/cors – Jean Oct 21 '20 at 18:55