video problems

[chthonic]

ok.. so why is it requesting this....?


2/26/2009 8:31:21 AM 193.231.68.58:50494 Requested GET http://thecric.free.fr/AZenv/azenv.php


the web address doesn't even show as valid .... it showed up as soon as I removed the "only served requests" option?
********************

[ok.... tested that option .. the results are still the same... as long as the "video" files are under restricted access... folders or individual files.... the player still shows the error saying either the file doesn't exist or that the server is blocking access.. and I have used 5 different players. This behavior persists even if only the parent folder is set for restricted access. this behavior does not exist for audio files.]

which brings me back to a previous suggestion on the command menu... when creating/adding a restricted folder that contains video files... there should be a prompt asking if the folder contains video files.. which when checked would automatically set the flags needed;

{is this a restricted resource? Yes/No} if no .. it just creates/adds the folder

{is this a restricted resource? Yes/No} if yes... goes to prompt; {is/does this resource contain a video file? Yes/No} if yes... then it automatically sets the anonymous flag and opens the permissions tab to let you choose which users have access... if no.. then it just takes you to the permissions access tab.

this should only take place when creating.. after that.. it just goes to the properties page normally.

****************

ok after more testing... it's no longer hanging when the ANYONE flag is set instead on the resource itself.. the files serve with no problems...  but if the restricted resource folder is not under a parent folder, that option isn't very reasonable because it doesn't distinguish between the accounts that are allowed to see the files and those that are not.

when under a parent... it should distinguish from only those accounts that are checked under the parent folder for restricted access.. and the accounts that are not allowed should not be highlighted.

when the resource is by itself then the ANONYMOUS flag should be checked instead .... so there should also be an additional prompt to ask if its a stand alone resource or if its under a parent folder.. unless its easier to code it to determine if its already under a restricted parent folder.. and then the VIDEO FOLDER option would set either the ANYONE or the ANONYMOUS flag as required.

the reason this is of such concern for me is that I have some file content that IS NOT "family friendly" and I wouldn't want anyone to have accidental access to that content because the wrong flag was set.

(restricted access parent folder)
               child folder = ANYONE - only applies to accounts with parent folder access
(restricted access standalone/single folder/file)
               content access = ANONYMOUS - only applies to accounts with access

but as stated.. in this instance it applies only to folders containing video, since this issue only seems to apply to that content.. it has no effect on pics, music etc

[rejetto]

ok.. so why is it requesting this....?
2/26/2009 8:31:21 AM 193.231.68.58:50494 Requested GET http://thecric.free.fr/AZenv/azenv.php
the web address doesn't even show as valid .... it showed up as soon as I removed the "only served requests" option?

it's someone/thing trying to see if your server is acting as a proxy.
welcome to the wild internet

[ok.... tested that option .. the results are still the same...

never said or meant it would solve your problem. it's just giving more info.

as long as the "video" files are under restricted access... folders or individual files.... the player still shows the error saying either the file doesn't exist or that the server is blocking access.. and I have used 5 different players.

5 players? i thought you was using a flash player. aren't you?

which brings me back to a previous suggestion on the command menu... when creating/adding a restricted folder that contains video files...  there should be a prompt asking if the folder contains video files.. which when checked would automatically set the flags needed;
{is this a restricted resource? Yes/No} if no .. it just creates/adds the folder

what you are doing and suggesting for hfs is something totally bad.
anonymous mean "no password". you are actually giving free access to the files, not protecting.

i understand "anonymous" there can be misleading. it's just a feature that was asked long time ago and found no better way till now.

ok after more testing... it's no longer hanging when the ANYONE flag is set instead on the resource itself..

do you understand by yourself that "anyone" means as well that you are not protecting the files?

the reason this is of such concern for me is that I have some file content that IS NOT "family friendly" and I wouldn't want anyone to have accidental access to that content because the wrong flag was set.

ok. all is lost

you should post some log lines about the video player requests.

[chthonic]

as long as the "video" files are under restricted access... folders or individual files.... the player still shows the error saying either the file doesn't exist or that the server is blocking access.. and I have used 5 different players.

5 players? i thought you was using a flash player. aren't you?

{I tested with flash, divx web, WMP and a couple of others that handle streaming protocols.. the results were the same for all of them}

which brings me back to a previous suggestion on the command menu... when creating/adding a restricted folder that contains video files...  there should be a prompt asking if the folder contains video files.. which when checked would automatically set the flags needed;
{is this a restricted resource? Yes/No} if no .. it just creates/adds the folder

what you are doing and suggesting for hfs is something totally bad.
anonymous mean "no password". you are actually giving free access to the files, not protecting.

{ok.. I use tog 3.0 with the login template and I tried to do a direct login to the folder and the individual file with the ANONYMOUS flag set for he source folder.... it still asked to me to login because I was attempting to access a restricted resource... so I am covered LOL}


i understand "anonymous" there can be misleading. it's just a feature that was asked long time ago and found no better way till now.

{I had made a previous comment about how cerebusFTP has a way of limiting the anonymous access only to the account with the access in question... this configuration seems to be working the same way}

ok after more testing... it's no longer hanging when the ANYONE flag is set instead on the resource itself..

do you understand by yourself that "anyone" means as well that you are not protecting the files?

{see above} the login script in the tog template is protecting the files from direct access.}

[you should post some log lines about the video player requests.]

will work onthat as soon as I ahve a chnace todo it without interupts

[jerome]

About your video troubles...

you can embed a java flash player
http://www.longtailvideo.com/players/jw-flv-player/

and use external playlist "with" or "without" login access.

an example here...
http://82.239.5.248/html/rar.html
using an older version and swfobject v1.5

in the accordeon floating menu, select the multimedia player.
in the music playlist, the last one, frandysax is login protected

login rejetto pass rejetto
log from the menu or asking the file directly
you can also use one login from the menu and use another one only for the playlist only.( 2 security levels )




so you can protect your porno video           

hfs is very cool to check the JW FLV player javascript result before upload a player on a site
(because of the hosting needed for swf object v2.1 and java preview)

[jerome]

Audio pro factory demo users will smile and make the difference
And thank you Massimo for the java compatibility update of last builds.

ps: attention mars, trop de télé rend UMP !

[chthonic]

ps: attention mars, trop de télé rend UMP !

  Tu me fais marrer:

cela m'étonnerait beaucoup que de regarder des dessins animés, ça fasse pencher mes opinions vers tel ou tel parti politique, pour ton info c'était ma première visite hier soir sur le site de courbet.Tu sais, y'a pas que la politique dans la vie , mais je maintiens que ton système c'est comme une arnaque, il faut payez pour avoir le droit de voir!  tu promets presque un voyage sur la lune alors que ce que tu offres au final c'est une simple photo (et encore un peu floue),soit donc de la poudre aux yeux. Ce que certains font en peer to peer et gratuitement, toi tu le fais en le faisant payer: aurais tu peur que l'UMP te fasse la chasse aux sorcières sur internet? Tu sembles être un passionné de musique et gloire à toi de vouloir faire partager tes passions avec d'autres, mais de là à en tirer un bénéfice pour quelque chose dont tu n'es pas l'auteur (et peut etre sans l'accord des auteurs), tu m'excuseras mais ça frise l'arnaque tout simplement.

  ...........

Mais je te rassure, ce n'est pas moi qui irai te dénoncer, mais si tu te fais pincer tu ne pourras pas te défendre en prétextant que tu n'étais pas au courant

I don't speak the language but I can understand at least 1/4 of what this says 
[correction.. after re-reading.. possibly 1/2 of this!]

[SilentPliz]

ps: attention mars, trop de télé rend UMP !

Moi je pensais que c'était l'UMP qui était accro au fric facile... je devais me tromper.  

Mais non... mais non ! J'en rajoute pas. 


Amis consommateurs pensez Torrents... c'est moins cher !

[rejetto]

5 players? i thought you was using a flash player. aren't you?

{I tested with flash, divx web, WMP and a couple of others that handle streaming protocols.. the results were the same for all of them}

can you tell me how did you try with WMP ?

what you are doing and suggesting for hfs is something totally bad.
anonymous mean "no password". you are actually giving free access to the files, not protecting.

{ok.. I use tog 3.0 with the login template and I tried to do a direct login to the folder and the individual file with the ANONYMOUS flag set for he source folder.... it still asked to me to login because I was attempting to access a restricted resource... so I am covered LOL}

ah... mmm... ok, i guess it's a feature of that template.
test this then: try a direct url to the video file without logging.

{I had made a previous comment about how cerebusFTP has a way of limiting the anonymous access only to the account with the access in question... this configuration seems to be working the same way}

it's not easy for me to understand what "an anonymous access limited to an account" is

i got your PM

[chthonic]

I got the same results with wmp that you saw with the dvx feedback.... except for the player used.. the results are all exactly the same

[chthonic]

as for the anonymous thing.. I think it tracks the IP and creates an exception rule based on if the IP of the anonymous request matches the IP of a logged in user

[rejetto]

I studied the logs you sent me privately, and can confirm you that the player is not providing any password. HFS cannot let it pass, since the resource is protected. So far so good.

I confirm you as well that your files are NOT protected.
I enter the full url in my browser and the file was provided without requesting any password.

I can tell you more: even the listing is not protected. Although you get the error message of the template (ToG), i can get /~files.lst and know all your folders and files.

So, if this is ok for you, no one will blame, and you can stop reading this message here.

---- spoiler ---  

If you want the files to truly be protected against anyone (remotely), you should start removing "anonymous" and "anyone" permissions.

I miss some information about what's going on there, but i can suppose you are clicking on the link on the browser, and the player (a different program) starts. This is supposition, but let me continue.

The links are normally of the form "Videofile.avi", and provide no password with them.
The password is instead requested by HFS for every action. The browser remembers the password, and send it to HFS every time, so there's no need for the link to contain the password.
But the browser launches the player, providing it the URL but not the password.

HFS has a feature to force the link to contain the password: "Include password in pages".
For security matters, it's better this to be OFF by default, but you can turn it on if you truly need it.

Anyway, it is my opinion that you will get much more security by removing those extra permissions and enabling this option.


It's all.
Leaving the hall.


p.s.
just one more thing: by giving me the request dump, with the "authorization" line, i could easily decode it and know your password.
I'm not interested in those files, but just to let you know a thing you should know.

[chthonic]

thanks!

[Fysack]

you dont fool me chrono

[rejetto]

chrno in disguise?

[chthonic]

chrono?


btw.. I tested a couple of other templates.. and the error issue doesnt exist... had to get a another large HD so that I can convert to the format the template requires.