I've got video files stored as:
www.example.com/video_files/abc.flv
My application uses FlowPlayer which streams this video file to the end user.
How can I restrict access to these files only to the application within the server and prevent ppl from typing in the url/file link directly and downloading the file?
The short answer is you can't, if the media is streamed unprotected. People with packet sniffers will always be able to dump the stream as it's sent to their browser.
If this is really important to you, you should investigate a DRM solution. (But note that DRM is not unbreakable either.)
No way to do it.
The best thing, that you can do, add to link some hash and timestamp.
For example www.example.com/video_files/abc.flv => www.example.com/video_files/12345678901234567890123456789012/12345678/abc.flv
12345678901234567890123456789012 - is hash
12345678 - is timestamp, to which that link will be valid.
as hash function you can use for example something like:
hash = md5(abc.flv12345678somesecretkey)
After reciving request, webserver must check hash and timestamp and after that output file to user or throw an error.
For each user you must generate it's own url with a small lifetime.
User can't redestribute url's because it's expires very quuickly.
PS, sorry for my bad english
Related
I am using asterisk 11.9.0 and i want to generate an outgoing call.I found that for outgoing i have to make a .call file and place it in a var/spool/asterisk/outgoing.I am following the link below
http://the-asterisk-book.com/1.6/call-file.html#call-file-parameter
my code is same as given in the above link,the above example uses only single fixed number to call.
My problem is that
i have to generate an outgoing to a number fetched from database(outgoing to new number everytime),so how to write the code of .call file for multiple numbers outgoing and how to pass these numbers fetched from database to .call file from my extensions.conf
Is there any way to do that.
I am new to asterisk.
Any help would be appreciated.
You can use vicidial.org software to do that things.
Note, it is very bad idea do outboudn dialler-like app in asterisk without understanding asterisk logic and very-hi skills in programming/database.
For more info you also can use this page
http://www.voip-info.org/wiki/view/Asterisk+auto-dial+out
Might be easier using WombatDialer as it has a plain API where you can tell it what you want it to do and it will take care of the rest. We have a plain set up for outbound and it took maybe a couple of days from zero to what we have now. ViciDial would have been overkill.
On why rolling your own is not a great idea, the Wombat manual is quite clear: http://manuals.loway.ch/WD_UserManual-chunked/ch01.html#_why_was_wombatdialer_created
You could also use the AMI (Asterisk Manager Interface), would be easier to program with a deamon running in the back to control what gets dialed and the responses to those dials. Mora info here https://wiki.asterisk.org/wiki/pages/viewpage.action?pageId=4817239.
How can I fetch the avatars of all the contacts in a user's XMPP/Jabber roster?
I have previously asked this question, and while implementing the <presence> handler, I noticed that the presence items my app receives are of the form:
<presence to="me" from="contact">
...some other stuff here...
<x xmlns="vcard-temp:x:update"><photo>3FB991AA97D7701C21EAFE65FB866E4BFF1B927C</photo></x>
</presence>
The 3FB991AA97D7701C21EAFE65FB866E4BFF1B927C part looks like a SHA hash to me, but how can I get the actual avatar of the user in question?
vCard-based Avatars are specified in XEP-0153. You are correct that the photo element contains a SHA1 hash. Request the vCard of the person that sent you the hash:
<iq to='juliet#capulet.com'
type='get'
id='vc2'>
<vCard xmlns='vcard-temp'/>
</iq>
And fish the photo out of the response:
<iq to='romeo#montague.net/orchard'
type='result'
id='vc2'>
<vCard xmlns='vcard-temp'>
<PHOTO>
<TYPE>image/jpeg</TYPE>
<BINVAL>
Base64-encoded-avatar-file-here!
</BINVAL>
</PHOTO>
</vCard>
</iq>
You MUST cache based on that if you're going to use this protocol, and you'll really want to throttle how often you ask for avatars when you start up (particularly the first time a user logs in). Grabbing bajillions of avatars in a short amount of time will likely get you rate-limited by your server otherwise.
Also, be very careful about calculating your SHA1 hash. I've seen several clients that aren't terribly careful, who end up in an endless loop re-requesting the same avatar over and over.
I suggest negative-caching if you request an avatar and it doesn't match the hash you expect; cache the fact that you aren't going to get an answer for that hash, and don't ask for it again next time. The sender's SHA1 logic is likely wrong in some interesting way, and it's not going to get better the next time you ask.
Finally, some clients are written to try asking the sender's server for vCard data using XEP-0054 first as XEP-0153 says, then fall back on asking the sender's client directly by sending an IQ get for the vCard to the sender's full JID (user#domain/resource). Be prepared to deal with those requests on the sender's side.
First, a bit of context:
I'm trying to implement a URL shortening on my own server (in C, if that matters). The aim is to avoid long URLs while being able to restore a context from a shortened URL.
Currently I have a implementation that creates a session on the server, identified by a certain ID. This works, but consumes memory on the server (and is not desired since it's an embedded server with limited resources and the main purpose of the device isn't providing web pages but doing other cool stuff).
Another option would be to use cookies or HTML5 webstorage to store the session information in the client.
But what I'm searching for is the possibility to store the shortened URL parameters in one parameter that I attach to the URL and be able to re-construct the original parameters from that one.
First thought was to use a Base64-encoding to put all the parameters into one, but this produces an even larger URL.
Currently, I'm thinking of compressing the URL parameters (using some compression algorithm like zip, bz2, ...), do the Base64-encoding on that compressed binary blob and use that information as context. When I get the parameter, I could do a Base64-decoding, de-compress the result and have hands on the original URL.
The question is: is there any other possibility that I'm overlooking that I could use to lossless compress a large list of URL parameters into a single smaller one?
Update:
After the comments from home, I realized that I overlooked that compressing itself adds some overhead to the compressed data making the compressed data even larger than the original data because of the overhead that for example zipping adds to the content.
So (as home states in his comments), I'm starting to think that compressing the whole list of URL parameters is only really useful if the parameters are beyond a certain length because otherwise, I could end up having an even larger URL than before.
You can always roll your own compression. If you simply apply some huffman coding, the result will always be smaller (but then base64 encoding it, it'll grow a bit, so the net effect may perhaps not be optimal).
I'm using a custom compression strategy on an embedded project I work with where I first use a lzjb (a lempel ziv derivate, follow link for source code, really tight implementation (from open solaris)) followed by huffman coding the compressed result.
The lzjb algorithm doesn't perform too well on very short inputs, though (~16 bytes, in which case I leave it uncompressed).
I'm currently developing a website, into which I've included a filter that attempts to obfuscate any e-mail addresses present in the webpages it serves.
As it is now, it converts the addresses into images.
I've also seen a few other methods in use; some split the address into characters and use generated javascript to include it in the final document, but that requires javascript, so it's not that useful in my opinion. The upside is it can be used to create a working mailto-link.
Another method, quite similar to the above, uses hex-notation to markup the e-mail address. I'm not really convinced it will thwart any serious harvesters though.
Others utilize the human brains' ability to understand language, and will either replace characters like the #-symbol with words, or separate the host and the username etc.
My question now is, how reliable is my method, of using generated images (whose filename do not give the address away) against scrapers, when I'm not using any distortion on the text in the images? Should I prefer a different method?
And as a continuation: if I wan't a fallback method, just in case the image creation should fail for some reason, which would be the smartest way to go?
Here you'll find many ways of obfuscating emails, and their effectiveness.
Hope it helps!
My question now is, how reliable is my method, of using generated images (whose filename do not give the address away) against scrapers, when I'm not using any distortion on the text in the images?
I don't have any data to back that up, but I would say: Quite reliable. Harvesters can get millions of addresses using "conventional" means; I don't think it's economically feasible for them to do image processing just to get a handful more.
And as a continuation: if I wan't a fallback method, just in case the image creation should fail for some reason, which would be the smartest way to go?
Use a good spam filter. :-) No, seriously, it's really hard keeping a mail address hidden from harvesters.
one possibility is to continue using the image, but replace it with text and a mailto link if javascript is enabled.
As long as you don't name the image something obvious, like emailadress.png, you should be pretty safe - I think.
I think it's all about providing some kind of 'are you human test' before you display the email or display the email in a way that is itself a test.
Thinking along the same lines maybe providing a link as the email address and running the tests before displaying the email might be a solution too.
As a user, an image-obfuscated email address is almost as useless as no email address. Whatever method you choose, I should ideally be given a mailto link, second best is some sort of your.name.69 AT longwebsitewhosnameicanteasilytranscribe.net style address.
I want to write a client program that communicates with the application server via standard TCP/IP. The client can speak to the application server and be authenticated by simply speaking in a specific text based protocol. The traffic will be encrypted, but there won't be username/password. If another application tries to communicate with the application server and if the application doesn't use the correct text based protocol, the application server will silently discard packets.
Waiting for suggestions.
You can use a simplified version of TLV (Tag Length Value).
The basic idea is to define a set of message types which are represented by a code of fixed size (the T for Tag). Depending the type of message the contents of it (the V for Value) can very so you specify its length (the L for Length) before the contents. The Length field also has fixed size
Suppose you have one message used to send user data to the server. You can define a message like:
0x01 0x0018 0x11 0x0003 tom 0x12 0x000F tom#hotmail.com
Tag: 0x10 User data. Length: 0x0018 Value: sub tags
Tag 0x11: user name Length: 0x0003 Value = tom
Tag 0x12: email. Length: 0x000F. Value = tom#hotmail.com
Edited:
I was about to forget: Merry Christmas :)
Take a look at BEEP.
You might also find some good examples at four.livejournal.com; he's gotten good results writing an HTTP parser using the Ragel state machine generator, and also by hand.
if your not comfortable with the limitited functionality (verbs) provided HTTP just add more verbs. This is what the REST architecture is for.
If you want to continue down your path of folly (your talking about reinventing HTTPS), then use protocol buffers to create a protocol -- it will save you hours of grief.
-- edit --
If your objective is to understand the programming involved with web-servers, you might want to read apache's code dissected by the FMC group into a collection of models. I have read this PDF multiple times -- it is an absolute gold mine.
All the other comments are good, and stuff like BEEP, or doing some custom TLV encoding can get you along way, as well as using something like Google protocol buffers, but none of these are what I'd really call real simple.
A very simple text based protocol could just use a new line as the message delimiter. This is how IRC does it. Its not the most efficient, but if your messages are reasonably small it could work quite well. You could also prefix your message with a much shorter line telling the receiver how long the next message is.
If you want to use a light framework, look at libevent. It can assist in your IO and do line delimited reading for you.
If the language (protocol) is not already determined for you, then that is what you should design first, or look at something that already exists - XML, JSON chunks, netstrings, etc.
You can look at some of the sample code from TCP/IP Sockets in C.
It has many examples of doing client/server communication in C. Without more details, it's difficult to know what you really want to handle...
For communicating between bespoke apps, you can just send your text format in TCP packets. You can use an extremely simple text format, but you should make sure that it starts with some text that clearly identifies to your server that it is a packet from your client, and not from an imposter. (Clearly this is not terribly good security, but that's not the point of your question).
A good place to start is to use XML for your text-based format. This is dead simple to write/read, and is flexible and extensible so you can easily add more information to your packets at a later date - the biggest thing you can get wrong is to use a communications format that can't be extended!
Once you have basic comms working, you can enhance the format to send more information, add encryption and other security measures, and consider moving to a binary (more secure, more compact and efficient) format. BUt you can work your way to this stage in small easy steps.
So the right direction:
Get two programs talking via TCP. Just a simple packet with the text "bob" in it is enough at this stage, just to verify that the messaging is working. There are any number of simple tutorials on the web to get this going, and it's just a few lines of code once you work out what's needed.
Then build your packets. Start with the simplest approach that gives you a unique ID (to verify that the packet is from the right program) and a means to add new data to the packet easily in future. Xml is ideal for this. Don't worry about security, just concentrate on the actual "conversation" you wish to convey between the programs - what data they wish to exchange and how to encode it.
Step by step improve the communications protcol until it achieves what you want - smaller, faster, binary, more robust, fault tolerant, secure, etc. Each of these steps will be an interesting little challenge and by the time you've done them all you'll have learned a lot.
Look at the chapter on text protocols in 'The Art of UNIX Programming' by E S Raymond. It covers a lot of the relevant ideas at a high level, with good examples, and explanations of why they are good examples. It mentions BEEP.
I've recently read a book on this topic. It's called "TCP IP Sockets in C", by Michael J. Donahoo and Kenneth L. Calvert. You if you can afford it, it's a nice tutorial/reference book to have.
If you'd like you can try create the client<->server pair in Java, as it is easier to grasp the idea, and then rethink the solution at a lower level in C.