protect you config ?!

16 posts | return to the Feature Suggestions forum | get the rss feed for this thread

Oct. 22, 2009paris

i think it would be great if there will be a way to protect your player config. i think about a way to ONLY use ONE specific xml-config-file and no abbillity to change the settings with flashvars! so embed users have no way to change your player settings. is this possible?

Oct. 22, 2009Zachary Ozer

All settings in the config will override flashvar settings

Oct. 23, 2009paris

no i can overwrite settings in the config.xml with flashvars. i have frontcolor defined in the config.xml but can overwrite it when i set flashvar frontcolor from the documentation: "Flashvars set in the embed code will overwrite those in the config XML again."

Oct. 23, 2009Zachary Ozer

My apologies Paris.

This will be changed in the 5.0 player such that flashvars set in the embed code will be overwritten bythose in the config XML.

Oct. 23, 2009paris

ok thanks thats very good to hear! and will there be any mechanism that only MY config.xml is acceppted by the player? so noone who uses my player via embed set gis own config.xml instead of mine?

Oct. 24, 2009Zachary Ozer

There's no way to do that for now, nor do we plan on supporting it in the near future.

Oct. 25, 2009paris

thanks for quick answers Zachary Ozer!
Bad news so far. isnt it possible to do something like that: place a config.xml in the same directory where player.swf is. player swf scans for config.xml in this folder and when it is found ONLY this config will be used to initialize the player?
or second suggestion: a mechanism that player accepts only config files which are placed on the same server (domain) as the player swf file?

Oct. 25, 2009hobbs

Your second suggestion "a mechanism that player accepts only config files which are placed on the same server (domain) as the player swf file" is already in place as part of the Adobe Flash Player security.

Unless the user placed a cross-domain policy file on the root of their server, the player will not load a config.xml file from their server.

Oct. 25, 2009paris

thats right hobbs but everyone can place this cross-domain policy on his own domain and after this he can use a config.xml from this domain. so its not a protection for my player.

Oct. 25, 2009hobbs

If someone is going to make their own config.xml and place a cross-domain policy file on their domain, why would they bother using your player? They will just use their own player and leech content from your server.

In other words, "What's your point?"

Oct. 25, 2009paris

ok sorry i forgot to explain that i use an Adobe Flash Streaming Server to delevier the videos. This server is configured that only my player is able to server the videos, no player placed on another domain etc. so it makes sense to protect my player settings. so noone can overwrite my watermark, analytics plugin and so on.

Oct. 25, 2009hobbs

OK, so then you should configure your player to request config.xml from your domain only along with a token that you can authenticate against, similar to what you are doing with your FMS.

Nov. 02, 2009paris

@Zachary Ozer: i have tested what you said with beta of player version 5 but flashvars still overwrite the values in config.xml? will this be changed in final version?

Nov. 06, 2009Zachary Ozer

Hi Paris,

This was my error - in fact, we're leaving things as-is for the 5 Player.

For something like this, it might be worth compiling your own version of the player.

Nov. 07, 2009paris

ok thanks. if i buy a license now can i get the source of the commercial player and compile my own player version or is it only possible to get sourcecode for the non-commercial (opensource) version from svn?

Nov. 16, 2009Zachary Ozer

If you buy a license, you'll get the source of the commercial player.

Add a reaction

You can also return to the category or try this search for related threads.

Your name *

Supported codes:

 

submit