Roku Developer Program

Developers and content creators—a complete solution for growing an audience directly.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Level 7

Importance of security

Hey everyone, long time lurker here. I just had a few questions about using ("roUrlTransfer") and content security.

I've been developing a channel that streams audio from my personal server. This is a standard host (mediatemple) with no special streaming services or cloud hosting. The audio files and JSON data I'm using are sitting in an unsecured folder on the server. I'm currently using a rather straightforward method for accessing this data. For example:

port = CreateObject("roMessagePort")
http = CreateObject("roUrlTransfer")
json = ParseJson(http.GetToString())
list = CreateObject("roArray", 1, true)
for each item in json.sounds
sound = {
ContentType : "audio"
ShortDescriptionLine1 :
ShortDescriptionLine2 : item.shortDesc
HDPosterUrl : item.HDPoster
SDPosterUrl : item.SDPoster
end for

return list

I guess my question is. How vulnerable am I here to content theft?

Also, would it be possible to add a simple .htaccess user and pass to the folder and still be able to
access it through ("roUrlTransfer")?
0 Kudos
Roku Employee
Roku Employee

Re: Importance of security

If you're not using HTTPS than anyone with LAN sniffer software can read your URL request regardless of if it's password-protected or not. If you use SSL you can secure the content of your folder provided that the security on your server is decent. There are other methods to provide reasonable security for example including a timeout parameter in your URL so that it is generating a unique URL each time which can only be reused within a short time span. This would require using a scripting language on your server for the device to interact with instead of directly requesting the files from the server.

0 Kudos
Level 7

Re: Importance of security

Thanks, Joel. That's exactly what I assumed. I'll go ahead and take the time to set up the SSL.
0 Kudos