Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.
i have got a problem: my .flvs are hotlinked and my bandwidth usage is at its limit. ATM, i use .htaccess to block the domains but i want to kill the problem at its root. I can not use .htaccess to do it because my flv player does not send the referrer. Know any free players with that feature ?
I googled and found two solutions (both commercial) and i'd like your opinion if they're worth the money (45$ the first, 199$ the second but comes also in a free script with message errors instead of a redirect) (or if you can tell me about any free script they are welcoome).
Hotlink protection does not entirely eliminate your problem. Someone can place a video player on their site that sends the right referrer. Your best solutions are to have some kind of registration system to view videos, place hotlink protection and have some kind of client-size obfuscation, but there are no perfect way to stop bandwidth thieves.
I'm sure you have heard of Hulu.com? They have client-side encryption/obfuscation system that encrypts all AJAX calls. I'm not sure how many bits of bandwidth did they save, but streaming videos online means that people in general will be able to leech your bandwidth. The Internet was constructed in a such way so that we share stuff, not block.
A simple way would be setting a session key on the page that will be displaying the video, then create a script that will actually serve the video and have it check for the presence of this session key.
I would also recommend using YouTube instead.. their servers are far superior and will result in faster load times and reliability.