Stream videos securely using AWS CloudFront - security

I am attempting to serve paid videos to the users of my website, which is using php and is hosted on AWS.
I was wondering if:
1) anyone has successfully managed to serve video content through CloudFront securely? No matter what I try, FlashDownloadPlayer has managed to download the video.
2) will the video I upload automatically play in all devices/platforms regardless of input raw file I use ? I wasn't able to confirm this through AWS documentation.
Regardless, any ideas to make video downloading extremely difficult (atleast not through flashDownloadPlayer) would really be appreciated.
My videos are stored in AWS S3.
Thanks!

Yes you can do this through Cloudfront and have it be just as fast as Youtube, with a CDN on a similar scale as Google. The difference being you can make Cloudfront private and encrypted as you mention. For example, we host dozens of confidential online videos behind our business Intranet and Extranet site. Obviously the site is password protected, and the videos needed to be private. Cloudfront let's you encrypt the video and embed inside a video player such as JWPlayer. This was the only way we could pass our security audit, while still serving massive video content and have it be fast. It sounds quite involved, but we followed a great guide in this tutorial and got this going in a few hours. Very straight forward.
https://centroy.com/blog/secure-video-alternative-to-youtube

Related

Protecting the AWS S3 download links

I have been developing a website where people can buy digital products and then download them after the payment. I am using MERN stack and thinking of using AWS S3 for storing the digital products.
I am quite worried about implementing the security. I want to make sure that nobody can find an evil way to download files unless they purchased the product.
Not only about AWS S3 but anything you can suggest is appreciated.
I am not really an experienced guy on this industry since I am a mechanical engineer. So, I appreciate even a single bit of your suggestions.
You should use Amazon S3 pre-signed URLs.
It works like this:
All files in Amazon S3 remain private
Users interact with your website and purchase the software
Your website then generates a pre-signed URL, which is a time-limited link to a private object stored in Amazon S3
Users can click that link to download the file. After the expiry period (which you can set), the link will no longer work.
Yes, they could share that link with other people, but it would only work for the stated time period (eg 5 minutes).
The signed URL only takes a couple of lines of code to generate. It can be generated within your app, without having to make an API call to S3.

Do I need azure media services for streaming a video to html5

I am currently planing the total cost of hosting my videos on azure. After studying the pricing I noted that the costs for storing the data is actually much lower than the price for converting them. Unfortunately I will have many videos, but they won't be watched a lot. Therefore the relative cost for converting them to different formats is too high for me.
Now my question, do I actually need to convert the videos to different formats or wouldn't it be possible to send the video directly from the storage to the browser?
To send video's from storage to browser you can use SAS urls as Zain mentioned. You need to ask yourself what devices,bitrates your solution is targeting: which browsers, web only or web + mobile.
Probably you want your users be able to start watching video before it has been fully downloaded on client(progressive download). Make sure that you encoded it into desired bitrate and moov atom in the video is placed at the beginning of file -https://support.jwplayer.com/customer/portal/questions/12945932-mp4-file-progressive-play.
Based on your original video format and answers to above questions you might need to re-encode your videos and upload re-encoded version to server.
Yes, it's possible to send them directly from storage to the browser, just like it's possible to send any file that you make publicly accessible.
If you're going to store your videos in blob storage, just make sure you either mark the container as public or you generate SAS urls for each video that make them publicly accessible.

play/stream audio and video on browser without an option to download

I have some audio and video files which will be served from server to browser on request. Now I need a way by which "Users can watch or listen to media but shouldn't be able to download in anyway (even with developer tools or download manager plugins)". Kindly share your ideas if you have had experience on this.
If you are streaming it to them you can't stop them downloading it as, in extreme cases, they can simply capture the network traffic.
It sounds like you may want to encrypt the content using one of the commonly used encryption techniques and then find a secure way to share the encryption key with your users and their devices/players. This way any captured or downloaded content will not be of use to anyone without the right key.
This is essentially what DRM technologies do so it would probably be worth you investigating them - you can integrate the functionality to your own sever or simply host your videos with a provider who provides the functionality and embed their video player on your site.

Hosting Audio Files

I'm considering building a website that helps musicians collaborate remotely. To do this, they would need to share large (uncompressed) audio files.
For the solution I'm considering, I'd like to be able to perform the following functions:
upload/download uncompressed audio files
stream uploaded audio
My concern is the large bandwidth demand. Should I perform these actions on my own (hosted) server space, or is there a service with APIs I can use?
I've checked out Amazon's S3 which allows me to host files, however I can't find anything that suggests I can stream from their services. I'm not sure that S3 is right for what I'm trying to achieve.
Can someone provide some high-level architectural advice?
Thanks in advance.
What Paul mentioned in his comments is true... S3 is not designed to be a CDN.
However, if your audio files aren't intended to be used by over a thousand people at a time, you don't actually need a CDN. You can put them on S3 and stream directly from there (over HTTP) without difficulty. It sounds like you're going to have a bunch of tracks that will only be accessed by a handful of people. S3 is fine for this.
When it comes to publishing finished work that might be used by many, that would be a good time to use Cloudfront.

How to secure downloads using Cloudfront

I have videos containing educational content. I'd like to distribute these videos using S3 and my DNN site. I've created my s3 bucket with all the videos.
I'd like users to be able to log in and be able to download the videos that they have paid for.
Also, i'd like to prevent users from sharing video urls(hotlinking).
I've looked into private distributions but it seems a little complicated as far as signed urls.
Ideally, I'd have some kind of a policy on cloudfront that would only allow videos to be download from my own domain.(i remember doing something like this with s3 itself where i would add a custom acl that would specify the httpreferrer)
Thanks for your help, my head was about to explode due to information overload.
Cristian
The ideal would be to use a plugin that generates the expiring URLs for you.
If you are on Joomla or Wordpress, you may want to look into S3Media Stream.
Just google it and you will find it quite easily.
I hope this helps?

Resources