Using JPlayer in mojoPortal

This forum is only for questions or discussions about working with the mojoPortal source code in Visual Studio, obtaining the source code from the repository, developing custom features, etc. If your question is not along these lines this is not the right forum. Please try to post your question in the appropriate forum.

Please do not post questions about design, CSS, or skinning here. Use the Help With Skins Forum for those questions.

This forum is for discussing mojoPortal development

This forum is only for questions or discussions about working with the mojoPortal source code in Visual Studio, obtaining the source code from the repository, developing custom features, etc. If your question is not along these lines this is not the right forum. Please try to post your question in the appropriate forum.

You can monitor commits to the repository from this page. We also recommend developers to subscribe to email notifications in the developer forum as occasionally important things are announced.

Before posting questions here you might want to review the developer documentation.

Do not post questions about design, CSS, or skinning here. Use the Help With Skins Forum for those questions.
This thread is closed to new posts. You must sign in to post in the forums.
12/13/2011 5:21:49 PM
IndigoTea
Gravatar
Total Posts 355
View Posts

Re: Using JPlayer in mojoPortal

Glad to know it's not just the mojo implementation. This client has some specific UI requirements that wouldn't make sense in a general plugin, but one thing I might suggest is this.

Currently, the video player plugin allows file upload to any folder, so even if the player instance is secured using mojoPortal security, the video file can be accessed directly, bypassing the security protocols. I'm looking at using an httpheader/httphandler approach to ensure that the only persons who can access the files are authorized by built-in rights and roles. Not sure if it's better to limit the file placement on the server, or just use the custom headers for video file types site-wide. Still thinking through my approach, deciding the best route to take.

12/14/2011 8:28:06 AM
Joe Audette
Gravatar
Total Posts 18439
View Posts

Re: Using JPlayer in mojoPortal

We've made no claim that these features provide security for the media files. It is no different than the image gallery features in that regard. If someone knows the url to the media they can get it.

Theoretically it might be possible to secure the files in a similar fashion as the shared files feature such that the files are stored on disk with a .config extension so they cannot be downloaded just by knowing the url, and then use an .ashx handler url for the files that checks the role permissions and writes the file to the response stream if the user has permission. But I'm not sure how that may impact the streaming and playback of the files, probably it would work but it would need testing, with larger video files it may choke and with lots of video traffic that approach would probably add a bit of load on the server vs just letting IIS serve the file.

But that wasn't really a goal for this just as it wasn't a goal for the image gallery features. The goal was just to make it easy to have audio and video in one's site.

I'd consider trying that as a possible future enhancement but it should be optional such that a setting can indicate if the instance is supposed to use secured files and then we'd have to figure out how to handle it if the setting is changed after files are uploaded.

Maybe you can clone it and modify it for your needs and if it works well let us know and we could consider integrating the changes back into it.

Best,

Joe

12/14/2011 8:50:08 AM
IndigoTea
Gravatar
Total Posts 355
View Posts

Re: Using JPlayer in mojoPortal

That's pretty much my game plan. I use something similar for my MegaGallery to ensure formatting and watermarking of all images, though until this week, I hadn't thought about applying it to security of the files as well (add another item on the worklist). Like I said, this client has very specific needs, but I can see the secured aspect being applicable to anyone wanting to monetize their content. That's actually a pretty popular trend with certain markets, so it's not bad to be able to support it.  

I see where you're coming from about wanting the security to be toggled, but I don't want to add another layer of access complexity in addition to rights/roles - at least, not for this client. YMMV. I'll let y'all know how it works - thanks!

You must sign in to post in the forums. This thread is closed to new posts.