Dear Auntie,

I’m not sure if I’ve told you this before, but don’t try and secure your website or content using JavaScript.


What am I rambling on about? Well, last week the Beeb decided to launch their fab iPlayer service for the minority mobile platform that is the iPhone/iTouch. However, as they didn’t want to use Flash video and Apple don’t license their DRM technology, they decided to use a non-DRM version of MPEG-4.

The Beeb’s first go at “security” was to use the user agent strings that browsers send to web servers. This was quickly spotted and blogged about. Soon people were able to download and keep MPEG-4 versions of shows from iPlayer whether they had an iPhone or not.

Today the Beeb announced that they had fixed this loophole. As Apple don’t license their DRM technology, the DRM-free files will still be available, so they must be using some other way of identifying a browser as an iPhone/iTouch user.

The only other option open to them is JavaScript. They will be browser sniffing somewhere and either setting a cookie with JavaScript to say if a browser is actually an iPhone or not, or doing some redirection in the JavaScript to say a user is not able to request a file.

Either way I bet someone will find a way around it by the day’s end.

According to The Register someone already has, and I think one of my two guesses is correct, but the journo is keeping quiet as he doesn’t want to spoil the fun of people figuring it out themselves.

Now I wonder if Dave thinks me spending my afternoon trying to crack it is a good use of his money…
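
The two kinds of check discussed above (user agent sniffing and a JavaScript-set cookie) next to a server-verifiable grant, as an added example that is not from the original post and not the BBC's code. The cookie name `is_iphone`, the media paths and the key are assumptions made up for the illustration.

```javascript
const crypto = require("crypto");

// Constructed demo key; a real key lives only on the server.
const SERVER_KEY = Buffer.from("constructed-demo-key-not-a-real-secret");

// Weak check 1: trusts the User-Agent header, which the client chooses.
function uaGate(headers) {
  return /iPhone|iPod/.test(headers["user-agent"] || "");
}

// Weak check 2: trusts a cookie that page script set after sniffing the browser.
// "is_iphone" is a hypothetical cookie name.
function jsCookieGate(headers) {
  return /(?:^|;\s*)is_iphone=1(?:;|$)/.test(headers["cookie"] || "");
}

// Server-issued grant: HMAC-SHA256 over the path and an expiry time.
function issueGrant(path, expires) {
  const mac = crypto.createHmac("sha256", SERVER_KEY)
    .update(`${path}\n${expires}`).digest("hex");
  return `${expires}.${mac}`;
}

// Accepts a grant only if it is well formed, unexpired and the MAC matches.
function signedGate(path, grant, now) {
  const [expires, mac] = String(grant).split(".");
  if (!/^\d+$/.test(expires || "") || !/^[0-9a-f]{64}$/.test(mac || "")) return false;
  if (Number(expires) < now) return false;
  const expected = issueGrant(path, expires).split(".")[1];
  return crypto.timingSafeEqual(Buffer.from(mac, "hex"), Buffer.from(expected, "hex"));
}

// Constructed request: both values are plain text that any HTTP client can send.
const sampleHeaders = {
  "user-agent": "Mozilla/5.0 (iPhone; U; CPU like Mac OS X; en)",
  cookie: "is_iphone=1",
};
```

Both weak gates return `true` for `sampleHeaders` whatever device sent them, while `signedGate` rejects any value the server did not issue. A signed grant proves only that the server issued it and that it has not expired; it does not tell the server what kind of device is presenting it.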
