Secure playback by wmp embedded in a page

[janekw]

Hello,

I have an asp.net "player" application; I show some records from a
database, user clicks, a wave file plays through <object> wmp 6.4 (all
of this in ie6). Now I have to secure the app. So, I enable ssl on the
server and... I stumble upon two problems:

1. "The site contains safe and unsafe elements" warning. I believe the
problem here is wmp. Is there any way to suppress the warning? Do I
have to move wmp object to a different - non ssl - page and set
https/app/file.wav in the wmp srcpath property? Or perhaps frames would
do the thing? They are all just guesses.

2. Are .wav files safe? I'm not sure especially after the warning
above. Do they "travel" encrypted or not? Or do I have to use another
file format, wmv or asf? Do I need something else for the streaming
than a wav-asf converter and iis? Another server?

I don't feel confident neither in the media-playing area nor in
web-through-ssl. I'd appreciate any help. I also hope this is the right
place for a post like that.

Jan

 

[Rob ^_^]

Hi Jane,

Suggest you look a complete re-write and test of your site. What you are
seeing is on the beginning of your problems. Sounds like you are developing
on a Win2K machine with IE6 SP1. Vista and IE7 are just around the corner,
Win XP, IE6 SP2 are the predominant OS versions on the web.

When you say secure your web site what do you mean? What problem or issue
are you addressing that requires you to use ssl on your site.

Regards.

 

[janekw]

Hi Jane,

I'm Jan, and I'm definitely male

Suggest you look a complete re-write and test of your site. What you are
seeing is on the beginning of your problems. Vista and IE7 are just around the corner,
Win XP, IE6 SP2 are the predominant OS versions on the web.

It's all aspnet on the server side. The only asp-generated component on
the client side is wmp, and it's hardly non-standard component. I don't
see any risk here.

Sounds like you are developing on a Win2K machine with IE6 SP1.

And how do you know I'm on 2K IE6SP1? Because it's true, at the
moment, I also first-test on my machine, but release server is always
XP or 2003 and clients, well, they differ. Mainly IE6SP2.

When you say secure your web site what do you mean? What problem or issue
are you addressing that requires you to use ssl on your site.

It's the client's policy, really. I just have to ensure the
communication is safe.

 

[Rob ^_^]

Hi Jan,

I saw the jane in janekw and assumed. I also missread wmp as winamp, not
windows media player, so thats why I guessed you were developing on Win2K as
XP and Vista are pushing media broadcasts away from a browser plugin to wmp.

The security warnings are a browser setting that a user has to make to their
internet security zone (something like Show Mixed content on secured web
sites) - That may be solved if you a digitally signed version of the
control - maybe use the codebase value from a microsoft site..

Wav files are safe.... err... yes. There is an internal listing of file
extensions that Ie uses to block certain file types from being downloaded to
the cache. (search for Unsafe files Internet Explorer) and .wav is not on
that list, though this could change if that file type become a security
threat.

A workaround for embeded wmp objects, if you are just using .wav files is to
use javascript to change the body background sound based on the user
selection. I don't know what browsers support that style attribute though.
Also then users can switch off scripting so don't forget the <noscript>
tags.

nailing jelly to a tree..

Regards.