native.newVideo and AWS permissions

Hi,

I’m using AWS (Amazon Web Services) and S3 to host video files, which I access in my app via native.newVideo, like so:

video:load( "https://myvideolocation\_at\_aws.mp4", media.RemoteSource )

It works super well! But now I want to make sure that no one can access

the video without the app – I don’t want people to get the URL

of the video by looking in xCode or something, and then waste my money by

accessing the video wherever they want. When using AWS, I need to send some kind

of user ID as part of the header. Is this an option? Is there any way I can

stop people from watching my video outside of the app?

+1

This is probably a question you need to research with Amazon to see what protection scheme’s they have. I’m pretty sure they support basic HTTP authentication. If that’s the case, a simple change to the URL to:

http://user:passwd@www.server.com/index.html

You may need to base64 encode the username and password. Sometimes those values can be passed via headers instead of as part of the URL. Corona should support providing extra headers to the request.

Rob

Very many thanks for the response, Rob – though not sure if you mean that corona will support it in the future, or if they just _should, _or if you even have control over these sorts of things. I think of you as the dev-loving CEO of Corona. A down to earth, Bill Murray type (apologies if you don’t like Bill Murray).

I don’t think that we can use the in-url case with AWS – at least Amazon doesn’t provide any examples of doing it this way that we can see. I see http://www.s3auth.com/, but it’s still inferior, because it won’t prevent snooping.

I’m a Bill Murray fan!

When I say “should”, that means that we support many kinds of headers that can be passed to web services, but there are always exceptions that you might run into. We can’t test every possible use case for every service. 

Basic auth doesn’t have to be done as part of the URL, it can be done with HTML headers.

Rob

+1

This is probably a question you need to research with Amazon to see what protection scheme’s they have. I’m pretty sure they support basic HTTP authentication. If that’s the case, a simple change to the URL to:

http://user:passwd@www.server.com/index.html

You may need to base64 encode the username and password. Sometimes those values can be passed via headers instead of as part of the URL. Corona should support providing extra headers to the request.

Rob

Very many thanks for the response, Rob – though not sure if you mean that corona will support it in the future, or if they just _should, _or if you even have control over these sorts of things. I think of you as the dev-loving CEO of Corona. A down to earth, Bill Murray type (apologies if you don’t like Bill Murray).

I don’t think that we can use the in-url case with AWS – at least Amazon doesn’t provide any examples of doing it this way that we can see. I see http://www.s3auth.com/, but it’s still inferior, because it won’t prevent snooping.

I’m a Bill Murray fan!

When I say “should”, that means that we support many kinds of headers that can be passed to web services, but there are always exceptions that you might run into. We can’t test every possible use case for every service. 

Basic auth doesn’t have to be done as part of the URL, it can be done with HTML headers.

Rob