How to make Video Upload Secure?


#1

Hello All,

We are interested to allow our members to Upload their own HTML5 compliant Videos.
Of course we are going to check that they are loading correct file type. But as you know a Hacker can easily get around the file type check.

So what is the best step to make sure a Video file uploaded is actually a Video and hence make this Hacker proof?

In case: we are initiating the Video Upload via AJAX. So an AJAX call to Php together do the Video Upload.

Thanks,
Dean


#2

As you seem to already know what attack vectors you have to expect, what’s the problem with securing these procedures?


#3

Well I have some ideas as to what the attack vectors will be.
But I was hoping a few good People here would have the better more complete answer than me.
It is a shame that NO One here has a better answer than myself. But predictable since securing Video Upload is a rather very high end task.
But had to try.


#4

I would not say that no member here has a better answer than checking for correct file type. My take is, as you have sensed, that security is a complex area of web dev. Indeed, it is complex to the point of being its own field.

My short answer?

Don’t allow users to submit videos, ask them to host them at a known video hosting site such as Youtube and link to them there from your site.


#5

You could have a browse down the forum a bit - there are a few related topics on here.