You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Is your feature request related to a problem? Please describe.
Currently, HLS (HTTP Live Streaming) video content in Frappe LMS lacks encryption, making it vulnerable to unauthorized access. While HTTPS provides basic security, without encryption, video URLs can be intercepted, and content can be accessed without proper authorization. This is particularly important for paid or restricted content where unauthorized redistribution should be minimized.
Describe the solution you'd like
Implement HLS encryption to add a basic level of content protection by encrypting video segments and requiring a decryption key for playback. This should include:
Key Transmission over HTTPS – Ensuring encryption keys are only accessible via secure HTTPS connections.
Token-based Authentication for Key Requests – Only authenticated users should be able to request and retrieve decryption keys.
Key Rotation – Supporting automatic key rotation every n minutes as per the HLS standard, reducing the risk of key leaks.
Describe alternatives you've considered
DRM-based protection (e.g., Widevine, FairPlay, PlayReady) – While this offers a stronger level of security, it is more complex and requires licensing, which may not be feasible for Frappe LMS at this stage.
Signed URLs for video access – A potential alternative but does not protect against unauthorized access once a URL is shared.
Additional context
HLS encryption is a practical way to enhance content security without implementing full DRM. While not a foolproof solution against piracy, it adds a layer of protection that discourages casual misuse. Implementing authentication and key rotation further improves security.
Would love to discuss how this can be integrated into Frappe LMS!
The text was updated successfully, but these errors were encountered:
Is your feature request related to a problem? Please describe.
Currently, HLS (HTTP Live Streaming) video content in Frappe LMS lacks encryption, making it vulnerable to unauthorized access. While HTTPS provides basic security, without encryption, video URLs can be intercepted, and content can be accessed without proper authorization. This is particularly important for paid or restricted content where unauthorized redistribution should be minimized.
Describe the solution you'd like
Implement HLS encryption to add a basic level of content protection by encrypting video segments and requiring a decryption key for playback. This should include:
Key Transmission over HTTPS – Ensuring encryption keys are only accessible via secure HTTPS connections.
Token-based Authentication for Key Requests – Only authenticated users should be able to request and retrieve decryption keys.
Key Rotation – Supporting automatic key rotation every n minutes as per the HLS standard, reducing the risk of key leaks.
Describe alternatives you've considered
Additional context
HLS encryption is a practical way to enhance content security without implementing full DRM. While not a foolproof solution against piracy, it adds a layer of protection that discourages casual misuse. Implementing authentication and key rotation further improves security.
Would love to discuss how this can be integrated into Frappe LMS!
The text was updated successfully, but these errors were encountered: