I’m trying to figure out how to hide my video path from the player in an HTML project. Can I do that? Is this possible?
2 Likes
Hey @nicola - you seem to have an interesting use case. Would love to know more about it. I’ve a few questions though -
-
Do you want to completely hide the path from Video Player? If this is the case, this is not possible. Your video player will need a way to fetch the video from source.
-
Do you wish to obfuscate the video path from the user? This could be the way forward. You could perhaps try to modify the video URI based on session key. For example, you could get a
session_idfrom your session. Then usemd5to generate a hash for thevideo_pathon server with$session_id; and send it over to the front-end along with your$_SESSION[$hash].
On the front end, you can then try adding the $hash to your video source.
That’s just an idea. Let me know if that helps. 
Since the video URL must be reachable by the client-side (browser) for the video to start loading and play, it is impossible to hide the video path from an HTML player.
You can, however, take some actions to make it a little trickier for common visitors to locate the video URL.
Here are a few ideas you can use:
-
Obfuscation: There are several ways to obfuscate the video URL, such as using JavaScript to produce it dynamically or encoding it in a manner that makes it more difficult to decipher.
-
Tokenization: Implement a token-based system where each session’s or user’s individual access token is required for accessing the video URL. In this approach, it is more difficult to publish the video URL because it cannot be accessed directly without the token.
-
HTTP Referrer Check: To make sure that requests to play the video are originating from your website or particular whitelisted domains, you can configure your server to look at the HTTP referrer header. As a result, the video URL cannot be hot-linked or used without permission.
-
Limited Access: Limit the availability of the video URL depending on user or IP address authentication. In this manner, the video can only be accessed by authorized individuals or particular IP ranges.
-
Streaming Services: If you’re worried about video piracy, you might want to host your videos on a platform that offers stronger security and access controls.
Note: A determined user with sufficient technical knowledge can still access the video URL even though these methods may prevent casual users. Though even DRM (Digital Rights Management) systems are not completely secure, they may be worth looking at if you require high-level security for your media.
Thanks for your quick response! So are there any commonly used techniques for Obfuscation?
1 Like
Yes, In HTML5 video players, obscuring a video URL involves rendering it harder for common people to find or less human-readable. While it cannot guarantee 100% security, it can deter users from getting to the video source. The following are some common approaches for hiding video URLs in HTML5 video players:
-
Base64 Encoding
While sending the video URL to the player, you can encrypt it using Base64 encoding. As a result, visitors may have a tougher time remembering the URL and finding it in the page source.
-
URL Encoding
Use a cryptographic technique to encrypt the video URL, then after it has been decrypted on the client side, send it to the video player. By doing this, the video URL is hidden from view in the source code.
-
Scripting in Java
Use JavaScript to build the video URL dynamically rather than just specifying it in the HTML source code. The final URL may be created by applying an algorithm or by concatenating various URL components.
-
Tokenization
Include a parameter requesting a specific access token in the video URL, and configure the server to verify the token before delivering the video. It is more difficult for unauthorized access when tokens are produced for each session or user.
Let me know if you have any other queries.
1 Like