[Persius]

So I have mp4 videos uploaded on my web hosting service. To be safe, I have given the directory where they are located your standard username & password protection using .htaccess.

The problem is, iPhone's Safari won't stream the mp4s with the authentication in place. It streams it perfectly without the .htaccess authentication, but consistently get "movie could not be played" errors with.

They stream perfectly in every computer-based browser I throw at it regardless.

it's something about the iphone that when you try to access a video when you are logged into a pass protected area, the mp4 wont play... the phone doesnt carry your user/pass.

anyone know the fix? or another way around this?

bump,... anyone ? this is driving me nuts ive been trying to figure this out for hours!

[DaveiPhone]

In order to make this work, I had to add this to my .htaccess file. This will lower your security level in that someone having a complete path to a particular media file could access it without a password, but I never found another work around.

(see attachment)

[Persius]

Quote:

Originally Posted by DaveiPhone

In order to make this work, I had to add this to my .htaccess file. This will lower your security level in that someone having a complete path to a particular media file could access it without a password, but I never found another work around.

(see attachment)

the problem is i need them to be protected, any other way around this ?

[DaveiPhone]

They are still protected this way. You still need to login to the server, and you can use many tricks to make it nearly impossible to guess a path. My security point is that if you know the EXACT path to a particular file, you can get to it without needing to login first. Most pay sites for example, are the same. There are relatively few sites that are secure once you know an interior path. But they still, for example, couldn't get a directory listing.

[biswajitghosh]

Its still not ready for 1.2.0.2 firmware.It crashes in between.

[DaveiPhone]

Huh? I've been using this for months, never a crash.

[wookiee2cu]

Why do they need to be protected? As long as you don't tell anyone the file path or the file name, people won't find it.

[dapaintballer331]

I have a fix.
Instead of htaccess/htpasswd, use php's cookie/session authorization. If you can password protect a php page, php can protect files as well.

Create a php login/authorization script (5 minutes?)
Put all protected files in a folder that has "Deny ALL" in htaccess
Create a dl.php file. If they are logged in, have it stream the files in the deny all folder (php can access this, deny all is for http only). If you want quicktime to play the file, be sure to have it send the correct mimi type in the headers. (video/mpeg?)

[discostar]

Thankfully I'm a LVL 7 Necromancer and can bring this thread back from the dead!

I think this is the problem I'm having. I have videos behind a password and they just won't play. To be honest, this PHP stuff is a bit over my head. Is there a way around this, or is the PHP scripts the best way?

[Nick Z]

Just out of curousity why are you trying to hide your files? From the server? Or you don't want public users to have access to them?

[discostar]

Are we allowed to back-and-forth like this? Sorry to the mods!

I do not want public access to the files, no.