Protect streamed files from being downloaded

Kiril Angov kupokomapa at
Fri Jul 4 10:53:46 MSD 2008

I was thinking something along these lines: You have the flash movie
player implement a procedure where you use php flash remoting
( to ask the server for a token which token is
then sent either in the URL of the FLV or as a header to nginx, then
as Rob Schultz recommended, use the "internal" directive and
"X-Accel-Redirect". You can have the token valid for 5 seconds so that
nobody can use it again (and also specific for the video content). I
think you can make the communication between Flash and PHP secure
enough so that a simple reverse engineer of the Flash player itself
cannot do much to the user wanting to get the logic of your

Anybody sees something wrong with this?


On Fri, Jul 4, 2008 at 2:18 AM, Eden Li <eden at> wrote:
> Unfortunately whatever method you use to "protect" the progressive
> download, it can still be thwarted.  Youtube *does* do work to prevent
> someone from just hotlinking to an FLV, but as many of the "download
> youtube video sites" suggest, it's easy to just reverse engineer the
> protection.  Even a pure streaming solution (e.g. flash media server)
> can be saved out to disk.  However, the newer versions of flash have
> stream DRM which make it much easier to protect (e.g. almost
> impossible to hack), but you have to use proprietary Adobe software to
> do this :(
> On Thu, Jul 3, 2008 at 5:37 PM, Thomas <iamkenzo at> wrote:
>> No that's not what I want.
>> I want any user to be able to watch a movie being streamed, but I
>> don't want the users to easily be able to download the movie as a
>> file. This is mandatory for streaming copyrighted music or videos.

More information about the nginx mailing list