video file

[jasm]

Professor Twey, would appreciate if you could check whether there are ways to save the video file below to the computer hard disk now? I hope to close any loophole before proceeding. Thanking you in advance. Cheers!
http://testing.freeownhost.com/1.htm

[Twey]

It's not a video file, but: http://testing.freeownhost.com/z3_wangbodong3.jpg
/EDIT: Oh, it is a video file. Microsoft WMV7 format. Causing your server to serve it with an incorrect MIME type will break it in anything except Internet Explorer, which thinks it knows better than the server and tries to second-guess the MIME type.
That page and the ones it leads to are broken in many ways.

Effective source of the pages:

http://testing.freeownhost.com/i_1_f_j_k/21.htm:

Code:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML>
<head>
<title> video </title>

<meta http-equiv="Content-Type" content="text/html; charset=big5">
<meta content="text/html; charset=big5" http_equiv="Content_Type">
<meta content="MSHTML 6.00.2800.1476" name="GENERATOR">
</head>

<body bgcolor="black" onselectstart="event.returnValue=false" oncontextmenu="window.event.returnValue=false" ondragstart="window.event.returnValue=false">
("      
<noframes>
<body>
<script type='text/javascript' src='http://ads.primeinteractive.net/adx.js'>
</script>
<script type='text/javascript' src='http://ads.primeinteractive.net/adlayer.php?what=zone:42&amp;layerstyle=simple&amp;align=right&amp;valign=top&amp;padding=2&amp;closetime=30&amp;padding=0&amp;shifth=0&amp;shiftv=0&amp;closebutton=t&amp;nobg=t&amp;noborder=t'>
</script>
</noframes>

    <center>
    <table border="1" bordercolor="#808080" cellpadding="1" cellspacing="1">
    <tbody>
    <tr align="center">
    <td bgcolor="#000000"> <object id="NSPlay" classid="CLSID:22D6F312-B0F6-11D0-94AB-0080C74C7E95" align="middle" height="320" width="360"> <param name="autoStart" value="0"> <param name="fileName" value=" http://testing.freeownhost.com/z3_wangbodong3.jpg"> <param name="BufferingTime" value="0"> <param name="CaptioningID" value=""> <param name="ShowControls" value="1"> <param name="ShowAudioControls" value="1"> <param name="ShowGotoBar" value="0"> <param name="ShowPositionControls" value="1"> <param name="ShowStatusBar" value="-1"> <param name="EnableContextMenu" value="0"> <embed src="" autosize="0" autostart="-1" animationatstart="1" baseurl="" clicktoplay="1" enablecontextmenu="0" enablepositioncontrols="0" enablefullscreencontrols="0" enabletracker="0" filename="" sendopenstatechangeevents="1" sendplaystatechangeevents="1" showcontrols="-1" showaudiocontrols="-1" showdisplay="0" showgotobar="0" showpositioncontrols="0" showstatusbar="0" showtracker="0" transparentatstart="-1" volume="2" windowlessvideo="0" height="240" width="320"> </object> </td>
    </tr>
    </tbody>
    </table>
    /tr&gt; </center>


</body>
</html>

http://testing.freeownhost.com/1.htm:

Code:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 

Transitional//EN">
<HTML>
<head>
<script>
...
</script>
<title> </title>


<meta http-equiv="Content-Type" content="text/html; 
charset=big5">

<meta content="text/html; charset=big5" http_equiv="Content_Type">
</head>

<body bgcolor="black" onselectstart="event.returnValue=false" oncontextmenu="window.event.returnValue=false" ondragstart="window.event.returnValue=false">
    
<p align="center">

    <a href="javascript://" onclick="window.open('http://testing.freeownhost.com/i_1_f_j_k/21.htm','','menubar=no,status=yes,scrollbars=yes,top=200,left=200,toolbar=no,width=800,height=600')"> </a>

</p>

<p align="center">

    <a href="javascript://" onclick="window.open('http://testing.freeownhost.com/i_1_f_j_k/21.htm','','menubar=no,status=yes,scrollbars=yes,top=200,left=200,toolbar=no,width=800,height=600')">     <img src="http://testing.freeownhost.com/video2.gif"> </a>

</p>


</body>
</html>

The video doesn't work in anything except IE; the pages won't work in any non-JS browsers; your markup is very deformed.

The task you are attempting is not possible; anything you try will cause problems to legitimate users. Give up.

[jasm]

It is a challenge for me trying to do so and I am not giving up.
It would serve my purpose if it is not easy for others to save the video file on the computer hard disk.

I have simplified the source code earlier for easy reference. I have now included the javascript that will enable fans with non IE browsers to view the video too. I have encrpted the source code because through trial and error in the past, I found out that all files of the web page with source code encrpted will not be saved onto the computer even if one choose the "save as webpage, complete (html)"

http://testing.freeownhost.com/1.htm

[Twey]

I timed myself this time; it took me one minute and seven seconds to save the file to disk, including download time.

I have encrpted the source code because through trial and error in the past, I found out that all files of the web page with source code encrpted will not be saved onto the computer even if one choose the "save as webpage, complete (html)"

But what about the many downsides?

I have now included the javascript that will enable fans with non IE browsers to view the video too.

Well no, you haven't. The embed tag, though it exists, looks like so:

Code:

<embed src="" autosize="0" autostart="-1" animationatstart="1" baseurl="" clicktoplay="1" enablecontextmenu="0" enablepositioncontrols="0" enablefullscreencontrols="0" enabletracker="0" filename="" sendopenstatechangeevents="1" sendplaystatechangeevents="1" showcontrols="-1" showaudiocontrols="-1" showdisplay="0" showgotobar="0" showpositioncontrols="0" showstatusbar="0" showtracker="0" transparentatstart="-1" volume="2" windowlessvideo="0" height="240" width="320">

You see, you haven't actually specified a file to use.

It is a challenge for me trying to do so and I am not giving up.

It is not a challenge, it is an impossibility.

It would serve my purpose if it is not easy for others to save the video file on the computer hard disk.

It's better for it to be easily saved and easily viewed than for it to take a whole perhaps five minutes to be saved and be unviewable to a lot of people. That's all you're doing with all this source-code "encryption," MIME-type mangling and related misdeeds.

[jasm]

Professor Twey,
Thank you very much for responding to my query and taking the time to test it out, though disappointed with the outcome.
As mentioned earlier, the video files that I put up are only meant for viewing and not supposed to be downloaded. They were the selected clips of a renowned taiwanese opera actress past 20 years performances. As most of the video clips were provided by the much senior fans of hers and also copyrighted, I need to have enough security measure to prevent other people from downloading the files before putting up for public viewing.

[Twey]

[the files are] copyrighted, I need to have enough security measure to prevent other people from downloading the files before putting up for public viewing.

That's all the security you need.

I confused "your" with "you're"! But I never do that!
I'm too young to be going senile! Aah!

[djr33]

As Twey said,

copyrighted

...if they are, then making them not copiable is worthless. It's illegal, so let them get in trouble... don't make it insanely complex half-working code.

You can download the files from the pro companies.... no problem. Not hard. If they can't block downloads, certainly you, an individual, no matter how much you care or try or know, can't.


As such, here are some thoughts:

1. What's the downside to downloading?
a. You're not limiting the number of times it can be viewed nor are you planning to remove it after a certain amount of time. If they save, then it's not different than viewing through your site again except that they save download time which would be nice.
b. "because they sould send it around"... and save others download time. You are SHOWING people these clips... not hiding them from them. Sure, they could do bad things with it, but you can't stop that anyway.

2. Look at pro sources.
a. Even big names don't have foolproof sources. The best they do is, with lots of effort, make it confusing to find the real file through mazes of code... not hard to do, really. Just use layers of php, JS, etc etc. But...why?
b. The best example of a non-download company is google video. They use complex stuff on the net that you can't* download from, and make you install THEIR player for downloading the file to and playing... meaning you can download, but you can't use a normal player...
downsides to this:
i) your viewers need YOUR player.
ii) it would be complex to deal with the coding end.
iii) you need to MAKE YOUR OWN VIEWER. Intense!
*Even though you "can't", there are STILL ways around it. I haven't tried too much. Twey, maybe you know it's easy. I dunno.
c) there are programs like iTunes that protect the files with copyprotection and stuff... but that is complex, proprietary, certainly not open source due to security, and good luck coding that. It's also cracked all the time.

3. Some ideas for 'kinda hard to get the files from':
a) Light: embed the file into your page, with no download link/url visable. Easy enough. They must look in your source code to find the link. Odds are they won't, and, if they do, they could get around other measures if they really cared. This is incredibly easy to get around for someone experienced though.
b) Medium: use some JS/php, etc to make it unclear where the stuff is coming from. Again, fairly easy to figure out. Not worth the extra time from option (a).
c) High: Flash. Flash can use QT movies in it. Not wmv... sorry. Use flash to save each into a flash file. Then they could, I guess, download that flash file, but at least not edit it. Lots more work. Requies a plugin. Yeah.
Also, it is possible, though tricky, to decompile flash. And, you'd have to decompile and have flash installed.

I may be wrong here... but isn't WMV protected anyway? I don't know of any editors that like it... it's meant for distribution, not editing, so why not just let them have that file... it's pretty much worthless.


Basically... don't put your files out there if you don't want people to see/view/like/save/send them. Can't be stopped. Can be confused.. but no reason to make it too complex, as you can't make it impossible and it's just extra time on your part.

[jasm]

Many thanks to you, djr33, for your detailed explanation.

I have now taken the following simple measures.:
1) Change the wmv file manually to JPG. I do not need to re-download the file. The video file would be viewable on the web but saving the JPG file renders nothing.
2) Disable the right click on the webpage. In the past when the cursor moves to the WMP, the URL of the video can be seen. This I have successfully disabled too.
3) Make the page a popup one so that one cannot simply go to Menu bar "View - Source" to see the source code (of course, it's easy to crack this)
4) Encrpt the source code so that when the whole webpage is saved, only that webpage and not other files are saved.

I call it simple because I need only to save the source code on a doc and for every HTML page (almost 150 of them) of the relevant wmv files (almost 200 of them) that has to be changed to incoporate the new codes, I need only to make a few changes, then copy and paste.

[Twey]

(sigh)
1) is OK if you've made sure your server serves it with the correct Content-Type header despite the incorrect file extension (which I doubt you have). However, it won't protect the file. It would take a very stupid person to be fooled into thinking that the video file wouldn't work just because it has a different filename.
2) is generally harmless, but might irritate some people -- myself included -- who don't think that you, as a web designer, have the right to be disabling parts of their GUI. It's also a very pointless exercise, since the user can simply disable Javascript, or use Firefox and disallow scripts from disabling/replacing the context menu (option under "Content" then the "Advanced" button next to "Enable JavaScript").
3) Even you pointed out that this is incredibly easy to get past. I don't have popups; all new windows open as tabs, so I wouldn't even notice this.
4) is just plain offensive. You're utterly ruining your site in a goodly portion of browsers, drastically impacting its performance in others, and trying to destroy the mechanism by which budding web designers learn the most (the web was designed to be free and open; don't try to corrupt its ideals), all to obtain or cause in others a false sense of security about a few video files that are already far better protected by law anyway.

[jasm]

A few students were charged in court a few months ago for putting up MP3 songs on their website that were easily downloadable.

I am not a web designer, merely a fan who wishes to share online the selected clips of the taiwanese opera actress' past 20 years performances that other senior fans have contributed.

I have never studied/attended a computer course before and thus my computer knowledge is very very limited. All my knowledge comes from consulting professionals like you on the net and also through trials and errors.

I have since put up some video files on my site and so far have not heard of any fans claiming difficulty viewing the clips.

It would take a very stupid person to be fooled into thinking that the video file wouldn't work just because it has a different filename.

This is the URL of the "WMV converted to JPG" video file that I have reuploaded for your reference : http://testing.freeownhost.com/1.jpg
(will be deleted soon)
The video file can only be viewed online on a webpage but impossible for one to copy and save to one's computer. Even trying to view the JPG video file on my computer is not possible but can if I convert it back to wmv

Code:

<embed src="" baseurl="">

You see, you haven't actually specified a file to use..

I did not specify the file to use here but in another option code below because the webpage comes with a few clips for one to choose from.

Thank you very much for your input.