WO Blog

Dear Auntie,

I’m not sure if I’ve told you this before but don’t try and secure your website or content using javascript.

Love,

John
——-
What am I rambling on about? Well last week the Beeb decided to launch their fab iPlayer service for the minority mobile platform that is the iPhone/iTouch. However as they didn’t want to use flash video and Apple don’t license their DRM technology they decided to use a non DRM version of Mpeg 4.

The Beeb’s first go at “security” was to use the user agent strings that browsers send to web servers. This was quickly spotted and blogged about. Soon people were able to download and keep Mpeg4 versions of shows from iPlayer if they had and iPhone or not.

Today the Beeb announced that they had fixed this loophole. As Apple don’t license their DRM technology the DRM free files will still be available so they must be using some other way of identifying a browser as an iPhone/iTouch user.

The only other option open to them is javascript. They will be browser sniffing somewhere and either setting a cookie with javascript to say if a browser is actually an iphone or not or doing some redirection in the javascript to say a user is not able to request a file.

Either way I bet someone will find a way around it by the day’s end.

According to The Register someone already has and I think one of my two guesses are correct but the journo is keeping quiet as he doesn’t want to spoil the fun of people figuring it out themselves.

Now if I wonder if Dave thinks me spending my afternoon trying to crack it is a good use of his money…..

One Trackback

  1. By » Dear Auntie on 13 March 2008 at 5:59 pm

    [...] Apple iPhone Headline News wrote an interesting post today onHere’s a quick excerptFrom Woblog (NR) bookmark this on del.icio.us – posted by bbccouk to bbc bbciplayer iplayer iphone javascript forblog and saved by others… [...]

Post a Comment

Your email address is never published nor shared. Required fields are marked *

*
*

WO BlogGreat stuff about the web

Book Club – ‘Getting Things Done’ by David Allen

by Frances

Introducing DO PM: Oxford’s First Digital Project Management Meet-Up

by Stephen

BIRDIE – A new photography conference from White October Events!p

by Vicky

See WO blog

Careers at WOJoin the team

We are currently hiring:

Not quite what you're looking for? If you'd like to hear about opportunities to join our team in the future, you can sign up to receive email notifications

Our next eventsWe organise and sponsor events

  1. Emerging Tech Weekender

    A hack weekend bringing together Oxford’s finest business brains designers and developers to explore new opportunities for bleeding edge digital tech.

  2. DO PM Gets Lean

    We’re really excited to announce that Frank Nigriello - Director of Corporate Affairs at Unipart Group Ltd is our guest speaker this month.