Roku Developer Program

Join our online forum to talk to Roku developers and fellow channel creators. Ask questions, share tips with the community, and find helpful resources.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Owlie
Visitor

Importance of security

Hey everyone, long time lurker here. I just had a few questions about using ("roUrlTransfer") and content security.

I've been developing a channel that streams audio from my personal server. This is a standard host (mediatemple) with no special streaming services or cloud hosting. The audio files and JSON data I'm using are sitting in an unsecured folder on the server. I'm currently using a rather straightforward method for accessing this data. For example:


port = CreateObject("roMessagePort")
http = CreateObject("roUrlTransfer")
http.SetMessagePort(port)
http.SetUrl("http://someserver.com/roku/music_list.json")
json = ParseJson(http.GetToString())
list = CreateObject("roArray", 1, true)
for each item in json.sounds
sound = {
ContentType : "audio"
ShortDescriptionLine1 : item.name
ShortDescriptionLine2 : item.shortDesc
HDPosterUrl : item.HDPoster
SDPosterUrl : item.SDPoster
}
list.Push(sound)
end for

return list


I guess my question is. How vulnerable am I here to content theft?

Also, would it be possible to add a simple .htaccess user and pass to the folder and still be able to
access it through ("roUrlTransfer")?
0 Kudos
2 REPLIES 2
RokuJoel
Binge Watcher

Re: Importance of security

If you're not using HTTPS than anyone with LAN sniffer software can read your URL request regardless of if it's password-protected or not. If you use SSL you can secure the content of your folder provided that the security on your server is decent. There are other methods to provide reasonable security for example including a timeout parameter in your URL so that it is generating a unique URL each time which can only be reused within a short time span. This would require using a scripting language on your server for the device to interact with instead of directly requesting the files from the server.

Joel
0 Kudos
Owlie
Visitor

Re: Importance of security

Thanks, Joel. That's exactly what I assumed. I'll go ahead and take the time to set up the SSL.
0 Kudos