Red5 和 FLV 文件的独特命名
我在服务器上实现了 Red5,并通过网页集成了 Red5Recorder,这使得用户能够通过网络摄像头将文件录制到服务器。
然而,我不太明白的是如何在服务器上唯一地命名结果文件。
Red5Recorder 有一个参数“fileName”,可以通过 JavaScript 向其提供新值来修改该参数,但这依赖于客户端安全性(又名:不存在)。如果被利用(这并不难),它可能允许用户以另一个用户的身份录制视频。
鉴于所有录制视频的用户都将登录(有一个活动的 $_SESSION[] 变量),如果有一种方法可以根据此输入创建文件名,那就完美了。
这里有人有这方面的经验吗?有想法吗?解决方法?我不熟悉 RTMP 也不熟悉如何管理它(到目前为止我所学到的知识本身就给我留下了深刻的印象)。
感谢您提供的任何帮助、建议或指导!
编辑——
问题仍然存在,但我目前正在为此寻找解决方法。这个概念是,网页加载了由 PHP 生成的随机令牌,该令牌插入到 JavaScript 中以设置“fileName”属性。该令牌也被插入到数据库中,并归属于用户的帐户。当 .flv 到达流目录时,它会与数据库中的令牌匹配并与该用户关联,此时令牌将被销毁(确保它是“使用一次”令牌)。
这与确认电子邮件帐户背后的概念几乎相同 - 只是我们不是确认帐户而是确认视频。
I've implemented Red5 on a server and, through a webpage, integrated the Red5Recorder which results in a user being able to record a file to the server through their webcam.
What I can't quite figure out, however, is how to uniquely name the resulting file on the server.
The Red5Recorder has a parameter "fileName" which can be modified by feeding it a new value through JavaScript, but that relies on client-side security (aka: nonexistent). If exploited (which wouldn't be hard), it could allow a user to record videos as another user.
Given that all users who record video will be logged in (have an active $_SESSION[] variable), if there was a way to create a file name based on this input, that would be perfect.
Does anyone here have any experience with this? Ideas? Workarounds? I'm not familiar with RTMP or how to manage it (that I got this far is, on its own, substantially impressive to me).
Thanks for any help, suggestions, or directions you can provide!
EDIT --
The question still stands, but I'm working on a work-around for this at the moment. The concept would be that the webpage is loaded with a random token generated by PHP inserted into the JavaScript to set the 'fileName' attribute. This token is also inserted into the DB, and attributed to the user's account. When a .flv hits the streams directory, it's matched with a token in the DB and associated with that user, at which point the token is destroyed (assuring that it's a 'use once' token).
It's pretty much the same concept behind confirming email accounts - only instead of confirming accounts we're confirming videos.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
如何将
uniqid()与uniqid()一起使用? net/session_name" rel="nofollow">session_name()。How about using
uniqid()withsession_name().我确信这听起来很复杂,但这通过 Red5 是完全可能的。您可以通过 RTMP url 传递查询字符串并在服务器端拦截它以构造自定义文件名。这将需要修改您正在使用的 Red5 应用程序。与此连接:
可以在应用程序连接中访问,如下所示:
public boolean appConnect(IConnection conn, Object[] params) { Map connParams = conn.getConnectParams(); if (connParams != null) { String streamName = connParams.get("queryString") != null ? connParams.get("queryString").get("streamName") : null; } }This is certainly going to sound complicated, i'm sure but this is totally possible via Red5. You could pass a querystring via the RTMP url and intercept it on the server side to construct a custom filename. This will require modification of the Red5 app that you're using. Connecting with this:
Could be accessed in the application connect like so:
public boolean appConnect(IConnection conn, Object[] params) { Map connParams = conn.getConnectParams(); if (connParams != null) { String streamName = connParams.get("queryString") != null ? connParams.get("queryString").get("streamName") : null; } }