Another common misconception about the S3MV script, is, people asking…
I just installed the S3mv script. And I’m watching a video on my web site. I’m now able to do a view source, get the URL from the source, and view it in a different browser. Isn’t this a bug or security hole in the script?
Relax, it’s neither a bug nor a security hole.
When you first visit a page that contains the S3MediaVault embed code, the S3MV script connects to your Amazon S3 account using the security credentials you provided in the script configuration during setup, and then it retrieves a secure, expiring URL that will be alive for 15 minutes.
So once the video starts playing, the clock starts ticking down towards those 15 minutes. Which means, when you do a view-source, the URL you see is actually an expiring link that will expire in less than 15 minutes.
So if you take that link and view it in another browser, then sure, you will be able to view it until the link expires (which is 15 minutes from the first time the S3MV script received the URL from Amazon).
So if you visited the page at 11:00 AM, then the temporary link can be revisited any time until 11:15 AM.
Now another thing that throws a wrench into your understanding of how this works, is when browsers cache URL’s.
So let’s say now you want to test this link after 15 minutes, to make sure it doesn’t work. Now when you visit the same link say 2 hours later in the same browser in which you viewed it earlier, guess what: your browser has cached the temporary URL, and will start playing the video even after 2 hours, while you sit there and wonder why the expiring link hasn’t, well, expired!
So if you want to do a proper test, here’s what you should do…
- Go to your blog page or post that has the S3MV script embed code. Note down the time. Let’s say it’s 11:00 AM. You’ll see the video start playing. Let’s say your default browser is Firefox.
- Now do a view-source, copy the full URL, and try to go to it directly – it should work again – because it’s still within the 15 minute expiring window.
- Make a note of the URL in notepad – or some text editor. Come back to this after say, 1/2 hour.
- Now open a completely new browser (like Internet Explorer or Chrome) – something different from your primary browser that you used earlier.
- Now try visiting that same URL in this new browser. You’ll see that it doesn’t work.
You can rest assured when we say that this script is use on thousands of web sites, and the security is rock-solid.
Now remember, that the S3MV embed codes will load the right video for anyone visiting your blog.
If you wish to further prevent un-authorized visitors from even visiting your blog page or post that contains the embed code, then you need our other script – DigitalAccessPass.com – to protect blog posts and pages from non-”members” (so to speak).
Feel free to comment below if you have any questions.