i think it would be great if there will be a way to protect your player config. i think about a way to ONLY use ONE specific xml-config-file and no abbillity to change the settings with flashvars! so embed users have no way to change your player settings. is this possible?
protect you config ?!
Posted: Thu, 2009-10-22 16:57
paris
Posted: Fri, 2009-10-23 03:59
paris
no i can overwrite settings in the config.xml with flashvars. i have frontcolor defined in the config.xml but can overwrite it when i set flashvar frontcolor from the documentation: "Flashvars set in the embed code will overwrite those in the config XML again."
Posted: Fri, 2009-10-23 07:06
Zachary Ozer
My apologies Paris.
This will be changed in the 5.0 player such that flashvars set in the embed code will be overwritten bythose in the config XML.
Posted: Fri, 2009-10-23 15:26
paris
ok thanks thats very good to hear! and will there be any mechanism that only MY config.xml is acceppted by the player? so noone who uses my player via embed set gis own config.xml instead of mine?
Posted: Sat, 2009-10-24 09:28
Zachary Ozer
There's no way to do that for now, nor do we plan on supporting it in the near future.
Posted: Sun, 2009-10-25 06:18
paris
thanks for quick answers Zachary Ozer!
Bad news so far. isnt it possible to do something like that: place a config.xml in the same directory where player.swf is. player swf scans for config.xml in this folder and when it is found ONLY this config will be used to initialize the player?
or second suggestion: a mechanism that player accepts only config files which are placed on the same server (domain) as the player swf file?
Posted: Sun, 2009-10-25 10:12
hobbs
Your second suggestion "a mechanism that player accepts only config files which are placed on the same server (domain) as the player swf file" is already in place as part of the Adobe Flash Player security.
Unless the user placed a cross-domain policy file on the root of their server, the player will not load a config.xml file from their server.
Posted: Sun, 2009-10-25 11:56
paris
thats right hobbs but everyone can place this cross-domain policy on his own domain and after this he can use a config.xml from this domain. so its not a protection for my player.
Posted: Sun, 2009-10-25 13:01
hobbs
If someone is going to make their own config.xml and place a cross-domain policy file on their domain, why would they bother using your player? They will just use their own player and leech content from your server.
In other words, "What's your point?"
Posted: Sun, 2009-10-25 19:07
paris
ok sorry i forgot to explain that i use an Adobe Flash Streaming Server to delevier the videos. This server is configured that only my player is able to server the videos, no player placed on another domain etc. so it makes sense to protect my player settings. so noone can overwrite my watermark, analytics plugin and so on.
Posted: Sun, 2009-10-25 19:32
hobbs
OK, so then you should configure your player to request config.xml from your domain only along with a token that you can authenticate against, similar to what you are doing with your FMS.
Posted: Mon, 2009-11-02 17:42
paris
@Zachary Ozer: i have tested what you said with beta of player version 5 but flashvars still overwrite the values in config.xml? will this be changed in final version?
Posted: Fri, 2009-11-06 16:14
Zachary Ozer
Hi Paris,
This was my error - in fact, we're leaving things as-is for the 5 Player.
For something like this, it might be worth compiling your own version of the player.
Posted: Sat, 2009-11-07 07:19
paris
ok thanks. if i buy a license now can i get the source of the commercial player and compile my own player version or is it only possible to get sourcecode for the non-commercial (opensource) version from svn?
Posted: Mon, 2009-11-16 13:37
Zachary Ozer
If you buy a license, you'll get the source of the commercial player.
All settings in the config will override flashvar settings