skip to Main Content

Helloo, i have a theoratical question, thats why I don’t have code snippets, but maybe someone knows an answer.
I program a website that offers videotrainings, but they cost. If the user knows the path to the videos on the server, can I prevent them from editint the html in browser and insert a video tag linked to the video, they should pay for?

2

Answers


  1. If the user knows the path to the videos on the server

    If you’re trying to be security-conscious, an unauthorized user should not know the path to a video they don’t have the credentials to see.

    Only send a video link to a user after verifying (on the server) that their account has bought it, and only serve a video to a browser if the browser has supplied the server with the required credentials to see the video. If something requests a video link without the right cookies (or without the right JWT, or however you’re authorizing things), reject the request.

    Login or Signup to reply.
  2. Why not rely on a library? Passport is 18K star project, and does the job with Node and Express on your server. They have tons of precofigured strategies (500 and more). This can be done with a simple fetch API, while the rest of your site is served with Apache

    Login or Signup to reply.
Please signup or login to give your own answer.
Back To Top
Search