Results 1 to 4 of 4

Thread: HLS delivery to IOS/Android native player

  1. #1

    Exclamation HLS delivery to IOS/Android native player

    Hi there,

    I have been really struggling with the security measurement for our wowza server. I have been researching for 2 weeks now but have not found a sound solution so any help/direction would be much appreciated.

    My situation is as follow:

    My company host a huge number of video on S3 and we decided to user cloudfront RTMP to delivery the content to Desktop (which is working fine and secured properly).

    We want to use wowza server to serve content to mobile device HLS to IOS device and modern Android devices with RTSP fallback.

    We have been successfully to serve HLS to IOS device with vods3 and the content is displayed using the device native player.

    The problem is that we want to secure the connection so that user cannot guess the URL and then access it without any credential. Since we want to use the native player, we cannot use the DRM technique to setup a secret key and store/send it to the player.

    My question is whether wowza support a technique (similar to signed-url in Cloudfront) so that the URL must be generated using a secret key on our server and have a time-expired?

    Best regards,

    Quang

  2. #2

    Default

    This is from the Cloudfront FAQ found here:

    "At this time, live streams can't be delivered securely by using CloudFront-signed URLs because of the nature by which player applications generate URL requests for the live stream data. However, progressively downloaded media can be delivered privately by using signed URLs. For more information, see Serving Private Content through Cloudfront."

    Salvadore

  3. #3

    Default

    Quote Originally Posted by salvadore View Post
    This is from the Cloudfront FAQ found here:

    "At this time, live streams can't be delivered securely by using CloudFront-signed URLs because of the nature by which player applications generate URL requests for the live stream data. However, progressively downloaded media can be delivered privately by using signed URLs. For more information, see Serving Private Content through Cloudfront."

    Salvadore
    Hi Salvadore,

    Thank you for your reply. I have read the thread you mentioned above. However, it does not cover my issue.

    I decided to use Cloudfront only for RTMP and Wowza for HLS and RTSP fallback.

    My issue is that there is a rule for file name (xxxx.mp4) so that everyone who know how wowza work can construct the URL to get access to the video :

    http://[wowza-AWS-ip-address/vods3/_.../mp4:amazons3/[folder-name]/[folder-name]/xxxx.mp4/playlist.m3u8"

    My question is whether I can create a time-base and a shared secret as a token so that URL must be constructed by our server to get access to the HLS stream

    http://[wowza-AWS-ip-address/vods3/_.../mp4:amazons3/[folder-name]/[folder-name]/xxxx.mp4/playlist.m3u8&EXP-Time&secret_key

    We don't provide live stream only video on demand.

    Best regards,

    Quang

  4. #4

    Default

    There is no time based token, but you can make one. A forum user has created a similar module here:
    Custom stream authorization and expiration module

    Also, take a look at the Security Overview for more information

    Salvadore

Similar Threads

  1. HLS streaming of mp3 file to Android ICS using JW Player 5.9
    By dulmandakh in forum Media Players and Devices Discussion
    Replies: 3
    Last Post: 03-24-2015, 04:29 PM
  2. Replies: 3
    Last Post: 03-21-2014, 10:17 AM
  3. Playing rtsp in android without native player
    By stream4life in forum General Forum
    Replies: 2
    Last Post: 12-19-2013, 12:46 AM
  4. Replies: 8
    Last Post: 07-03-2012, 07:55 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •