Posted by Marek Kilimajer on 03/19/05 20:40

Dan Rossi wrote:
>
> On 19/03/2005, at 2:36 AM, Marek Kilimajer wrote:
>
>> Dan Rossi wrote:
>>
>>> On 19/03/2005, at 2:06 AM, php-list-replies@listmail.innovate.net wrote:
>>>
>>>>
>>>>
>>> I think you misunderstood me or I wasnt clear, the links are coming
>>> from a syndicate site to the main site, so we check on that domain. I
>>> am looking at other options, maybe someway of trasparently logging in ?
>>
>>
>> You were not clear at all. What are you trying to do?
>>
>>
>
> Hi there Marek, here is how the system currently works. Each feed
> afiliate has a special number, this is used for publishing points on the
> streaming server aswell as loading refering domains from the database. A
> link to the video feed player window will happen from their server only,
> therefore the referer check. What I was trying to say is, one of the
> customers picked up , that it was using referer checks aswell as a few
> other things, and worked out referer spoofing software will let you in
> still. We need to try and avoid this, as each customer's authentication
> is different we cannot have another login as its not in sync. So we may
> have to look at other options, possibly someway of transparently logging
> in I dont know.
>

If you need only hotlink protection then the current referer checking is
just enough. Most users will not install referer spoofing software.

But if you need to be 100% sure the videos are streamed through
affiliate server, you can use tokens - a script at the affiliate server
will request a token from the streaming server (with
username/password/clip id etc.). This token will be sent with the link
to the streaming server. Hope this is clear.

[Back to original message]