33  

I fully agree with the DRM consensus of other answers. But would like to add...

我完全同意DRM对其他答案的共识。但是想补充一下......

There are a couple of obfuscation techniques that may meet you needs. "Good enough", as they say. These aren't full proof mechanisms, but very well may prevent 80%-99% of people trying to copy your FLV streams/files. A dedicated hacker will get to it, but most folks are just script kiddies (or their FireFox plug-in loving cousins.) Plus, some of these techniques are really easy:

有几种混淆技术可以满足您的需求。他们说,“足够好”。这些不是完全证明机制,但很可能会阻止80%-99%的人尝试复制您的FLV流/文件。一个专门的黑客会得到它,但大多数人只是脚本小子(或他们的FireFox插件爱表兄弟。)此外,其中一些技术非常简单:

• Change/remove the MIME type the server is responding with. Flash players blissfully ignore it anyway. E.g.: image/jpeg

更改/删除服务器正在响应的MIME类型。无论如何,Flash播放器幸福地忽略了它。例如:image / jpeg

• Change the file extension from .flv to something else, like .jpg. Again, Flash players blissfully ignore it anyway. Additionally, once the file is saved to disk, a non-FLV player will open it (and complain about it being an invalid file format.)

将文件扩展名从.flv更改为其他内容,例如.jpg。无论如何,Flash播放器幸福地忽略了它。此外,一旦文件保存到磁盘,非FLV播放器将打开它(并抱怨它是无效的文件格式。)

• Set aggressive 'don't cache' headers for all your FLV content. (This, naturally, means more traffic and bandwidth consumed. Maybe this is not an issue for you?)

为您的所有FLV内容设置积极的“不缓存”标头。 (这自然意味着消耗更多的流量和带宽。也许这对你来说不是问题?)

• Stream over UDP-based protocols (like RTSP). While my read is that UDP protocols are on the way out for large scale streaming of on demand content, it is much more difficult to copy. E.g.: Real Downloader cannot currently pilfer these streams.

流式传输基于UDP的协议(如RTSP)。虽然我的阅读是UDP协议正在大规模流式传输点播内容,但复制起来要困难得多。例如:Real Downloader目前无法窃取这些流。

• Break up content into two or more pieces of partial content, and play them back to back.

将内容分解为两个或多个部分内容,并将它们背靠背播放。

• Hide your FLV content behind a simple, custom one-time authentication mechanism
  • Player requests authorization key for content A

  播放器请求内容A的授权密钥

  • Server returns an authorization1 key: SHA1(content key + salt1)

  服务器返回authorization1密钥:SHA1(内容密钥+ salt1)

  • Server stores content key, authorization1 key, authorization2 key (which is SHA1(authorization1 + salt2))
    • one time use

    一次性使用

    • limited validity (E.g.: 2 seconds)

    有效期限(例如:2秒)

  服务器存储内容密钥,authorization1密钥,authorization2密钥(SHA1(authorization1 + salt2))一次使用有限的有效期(例如:2秒)

  • Player creates authorization2

  玩家创建授权2

  • Player requests content a with authorization2

  播放器通过授权2请求内容a

  • Server sends ´FLV´ content to client if and only if
    • authorization key matches to content key in server side store

    授权密钥与服务器端存储中的内容密钥匹配

    • authorization key has not expired

    授权密钥尚未过期

  当且仅当授权密钥与服务器端存储授权密钥中的内容密钥匹配时,服务器才向客户端发送'FLV'内容

将FLV内容隐藏在一个简单的自定义一次性身份验证机制后面,Player请求内容的授权密钥服务器返回authorization1密钥:SHA1(内容密钥+ salt1)服务器存储内容密钥,authorization1密钥,authorization2密钥(SHA1(authorization1) + salt2))一次使用有限的有效期(例如:2秒)播放器创建授权2播放器请求内容a with authorization2当且仅当授权密钥与服务器端存储授权密钥中的内容密钥匹配时,服务器才向客户端发送'FLV'内容过期

I've actually implemented that last idea, the authorization mechanism, myself and can vouch for it's practical effectiveness. No, it is not totally secure. But it is good enough. Not even a power users is capable of beating it.

我实际上实现了最后一个想法,授权机制,我自己,并可以保证它的实际效果。不,这不是完全安全的。但它足够好了。即使是高级用户也无法击败它。

Defeating it requires

击败它需要

1. reverse engineering the process,

逆向工程过程,

2. decompiling your Flash player,

反编译您的Flash播放器,

3. putting it all back together again.

将它们重新组合在一起。

Good enough.

It is amazing how many "plz sends me teh codez" emails this post has generated from the "simple, custom one-time authentication mechanism" suggestion. Don't bother, I can't--it was for a proprietary project for my employer, xtendx AG. If interested in purchasing the system, email sales@xtendx.com.

令人惊讶的是,这篇文章通过“简单,自定义的一次性身份验证机制”建议产生了多少“plz发送给我的代码”电子邮件。不要打扰,我不能 - 这是我的雇主xtendx AG的专有项目。如果有兴趣购买该系统,请发送电子邮件至sales@xtendx.com。

8  

There is no way to add DRM protection (i.e. encryption) to static FLV files - anyone who knows the URL can simply download them, or (in some cases) get them out of their browser's cache, and then play them in any supporting player. (However, you can probably prevent people from embedding your content in other sites - google "Hotlinking protection".)

无法为静态FLV文件添加DRM保护(即加密) - 任何知道URL的人都可以简单地下载它们,或者(在某些情况下)将它们从浏览器的缓存中取出,然后在任何支持的播放器中播放它们。 (但是,您可以阻止人们将您的内容嵌入其他网站 - 谷歌“Hotlinking protection”。)

Streaming your FLVs can be done for free with OSS like Red 5. This doesn't offer "DRM" protection per se, but it does send the video in a file stream, so there is no single file for the user to download and save. It's still possible for the user to capture the file with certain programs, but it's much more inconvenient.

流式传输FLV可以通过像Red 5这样的OSS免费完成。这本身不提供“DRM”保护,但它确实在文件流中发送视频,因此没有单个文件供用户下载和保存。用户仍然可以使用某些程序捕获文件,但它更加不方便。

As for "real" DRM, the only solution I'm aware of is Adobe Flash Media Rights Management Server. I've never used it, but apparently it will stream DRM-encrypted FLV or MP3 content, and enable you to apply the usual sorts of DRM restrictions.

至于“真正的”DRM,我所知道的唯一解决方案是Adobe Flash Media Rights Management Server。我从来没有使用它,但显然它会传输DRM加密的FLV或MP3内容,并使您能够应用常见的DRM限制。

6  

You can't. Any effort or money that you spend chasing DRM will be a waste of resources that you could have put into improving your product. Put your logo and URL into the videos, so that anyone copying them is advertising your site, put a copyright notice into the videos and sue anyone who you catch copying your content illegally, and call it a day.

你不能。您花在追逐DRM上的任何努力或资金都将浪费您可以用于改进产品的资源。将您的徽标和网址放入视频中,以便复制它们的任何人都在宣传您的网站,在视频中加入版权声明并起诉任何您非法复制内容的人,并将其称为一天。

3  

The short version is that DRM (in any form) is an arms race, If I can play it, I can steal it. The only question is how hard is it.

简短的版本是DRM(任何形式)都是军备竞赛,如果我可以玩它,我可以偷它。唯一的问题是它有多难。

Personally, I don't think DRM is a good idea. In the long run, it's not going to help because people who steal it, will steal it no mater what you do and those who don't will be inconvenienced by it even so.

就个人而言,我认为DRM不是一个好主意。从长远来看,它不会有所帮助,因为窃取它的人,无论你做什么都会偷走它,而那些不这样做的人即使如此也会给它带来不便。

http://xkcd.com/488/

That said, stealing it is also not a good idea and you should have the right to control what you produce. (However I don't know how to do that)

也就是说,窃取它也不是一个好主意,你应该有权控制你生产的东西。 (但我不知道该怎么做)

The only answers I can think of for this are: 1) start selling something that can't be stolen or 1) make it easier to buy then steal. The first amounts to Pandora-for-fee/Netflix-for-music (but with something like a CC license on major label songs). The second isn't even a music industry problem but a financial industry problem; how to make online payments easy and safe for both side without screwing over either the buyer or the seller.

我能想到的唯一答案是:1)开始销售不能被盗的东西或1)让它更容易购买然后偷。第一个是Pandora-for-fee / Netflix-for-music(但主要标签歌曲上有CC许可证)。第二个问题甚至不是音乐产业问题,而是金融业问题;如何在不欺骗买方或卖方的情况下使双方的在线支付变得简单安全。

2  

Have you thought about hosting your video on Amazon S3? you can set urls for your videos to expire so that the link to the video will only be valid for certain period of time. This doesn't prevent anyone from getting the video from their cache once it has downloaded nor does it prevent other ways such as using Orbit downloader, or RealPlayer video downloader but it would prevent hotlinking.

您是否考虑过在Amazon S3上托管视频?您可以设置视频的网址到期,以便视频链接仅在特定时间段内有效。这不会阻止任何人在下载后从其缓存中获取视频,也不会阻止其他方式,例如使用Orbit下载器或RealPlayer视频下载器,但这会阻止热链接。

I agree with comments that this is an arms race and a strategy for video delivery that accepts that people do want to download videos to share or copy to other devices etc and tries to live with it will probably be the most successful and pain free. Watermark, embed links to your site, try to capitalise on the increase in the number of eyeballs watching your video as a result of being downloadable.

我同意评论这是一场军备竞赛和视频传播策略,接受人们确实想要下载视频以共享或复制到其他设备等,并试图与它一起生活可能是最成功和无痛苦的。水印,嵌入到您的网站的链接,尝试利用由于可下载而观看您的视频的眼球数量的增加。

1  

sites like youtube try to make it difficult to download their videos by obfuscating the flash and also changing the structure every so often. As others have said it is an arms race. Youtube updates their structure and then tools like pytube have to also update.

像youtube这样的网站试图通过混淆闪光灯以及每隔一段时间更改结构来下载视频变得困难。正如其他人所说,这是一场军备竞赛。 Youtube更新了它们的结构,然后像pytube这样的工具也必须更新。

0  

Have a look to this analysis from Longtail.

从Longtail看一下这个分析。

It starts with a golden rule:

它始于一条黄金法则:

Anyone who can watch your video can steal your video.

任何可以观看您视频的人都可以窃取您的视频。

And it ends up with a really nice series of security concerns and prevention techniques.

它最终得到了一系列非常好的安全问题和预防技巧。

0  

Make a seperate site for your content. Configure web server app settings for 2nd site ("content server") to intercept requests for any static content (your videos, pictures, whatever) so you can do a check for a permissions cookie for each requested piece of content to check if theyve been validated and granted access to that piece of content or not.

为您的内容创建一个单独的网站。为第二个站点(“内容服务器”)配置Web服务器应用程序设置,以拦截对任何静态内容(您的视频,图片等)的请求,以便您可以检查每个请求的内容的权限cookie,以检查它们是否已被删除是否验证并授予对该内容的访问权限。

-1  

No protection can beat a simple use of WireShark + NetMiner.

没有任何保护可以简单地使用WireShark + NetMiner。

Period.

Oh and by the way, about youtube, if you use Chrome check out this extension:

哦,顺便说一句,关于youtube,如果你使用Chrome,请查看此扩展程序:

http://hosting.gmodules.com/ig/gadgets/file/113621719436589749332/ZiTube.crx

It just creates a download button under youtube videos ;)

它只是在youtube视频下创建一个下载按钮;)