Posts: 21
Joined: Dec 2013
Reputation:
0
Hi,
Is there an easy way to hide or encrypt a url...
Basically I have URL's in my add-on that I don't want users to see when they look at my script.
Is this possilbe
For example using something like:
import md5 (or another type of encryption)
getURL=***MD5 CODE***
Posts: 43
Joined: Nov 2013
Anyone who cared could trivially capture the network activity with Wireshark. You're not going to be able to hide this.
Posts: 21
Joined: Dec 2013
Reputation:
0
2015-02-25, 10:08
(This post was last modified: 2015-02-25, 14:30 by aarronlee.)
But I need to take this from the script as they could only sniff the URL once they "login" to the add-on.
If not, the URL isnt loaded. Every month I change the URL.
Hense why I want to change it so someone that doesnt have login details couldnt search the script for the URL.
Basically it logs the user in and then once succesfull it loads another .py file with the URLs to load data from XML.
Resume:
getURL=http://mydomain.com/, 'file.xml'
To:
import "encryption ie. md5"
getURL=17373626181726373, 'file.xml'
Something like that...
Posts: 7,141
Joined: May 2011
Reputation:
383
2015-02-25, 16:37
(This post was last modified: 2015-02-25, 16:37 by Lunatixz.)
A quick google search yields that your project is a dixie-deans tv-guide clone, which was a rework of twinther tv-guide plugin?
By the info on your site, you are looking to charge a fee and run a pay for use plugin?
I understand the need to obfuscate urls and sensitive info.
But I do not understand taking someone elses hard work, changing its urls and calling it your own... what's up with that?
Posts: 2,078
Joined: Nov 2012
Reputation:
176
enen92
Team-Kodi Member
Posts: 2,078
Truth is you can't basically run a scam and hide your ass completely. The only way you could, in theory ,do this (hide the xml contents not the url) can lead to your identification by any sort of authority. Involving money into it is just a catalyst for things to go wrong for you.
So think twice and get a proper job.
Posts: 21
Joined: Dec 2013
Reputation:
0
2015-02-25, 17:31
(This post was last modified: 2015-02-25, 17:43 by aarronlee.)
Okay let's get some things straight..
Don't judge without knowing.. If you're not willing to help that's one thing but don't try and make something that its not.
I have permission from various MODs inc. the creator of the plugin to modify it.
The information you find online is from last year and out-dated.
On the description of the plugin, everyone that contributed is mentioned but until installed you wouldn't see that.
Shall I continue;-
1. What I want to hide is the IP adress of MY server which I pay quite a lot of money for and don't want it visible in github so if someone was to do a basic search, it wouldn't appear in Google or any other search engine sites, nor will the have the right to use something I have to pay for.
2. I don't charge for the add-on, I charge for it's content that I pay my subscriptions for, my VAT (iva in spain), and channels that I make playlists for and broadcast (not original channels). Yes it's illegal that I am broadcasting downloaded videos, football matches but that doesn't concern any of you. The web-site was a cover up but really it was to broadcast IPTV, the add-on was to be able to recieve donations via Paypal.
3. It isn't for the add-on TV Guide as I stopped this (even tho I had permission and made generous donations), it's for another add-on I am building for Video on Demand which I repeat... It's coming from MY SERVER and my IP that I don't want made public, and my VOD list is held on MY SERVER and the video files are also stored on MY SERVER. And yes, I am going to charge a subscription of 2,00e each month.
4. I do have a proper job, this is my hoobie and the 2,00e I take (or I will take) which is no ones business is to pay for the server every month.
5. Why I am doing this..? Because in Spain a new law was put into place on the 1st January and the majority of public web-sites have closed due to fear of being caught, hense why I want to make this private!! I don't use advirtisments nor SPAMWARE as other sites (that don't charge) so I have to make money from charging subscription to be able to keep it running. No one complains at web-sites from hammering you with advertisments, nor the free download sites that make you wait 5 secs before downloading (they all make money from that). I do exactly the same but without adverts.
People don't pay for the code, add-on and they never have (nor with TV Guide),,, they pay for my server usage. If that was the case, I would have charged before downloading.
6. My MOD of TV Guide was changed from the original.. I only used the orignal as a template.. Then DixieDean helped modify the "download logo script".
To conclude,
before judging someone, get up-to-date information please. This is not a SCAM, people know what they are paying for and why they are paying.
So I take it no one is going to help....?
I don't bother about hiding the content from URL Helper, Wireshark etc as the vod files have a token that is only valid for the IP, MAC and has an expiry of 3 hours... I just want to hide the URL (domain) from the simple eye in the code.
I don't want to hide any other code, only my domain from github or anyone that freely downloads the code. If anyone abuses this then I could easily change the URL.
Posts: 2,078
Joined: Nov 2012
Reputation:
176
enen92
Team-Kodi Member
Posts: 2,078
2015-02-25, 21:36
(This post was last modified: 2015-02-25, 21:37 by enen92.)
I still maintain my opinion, the thing is not if it concerns me (or not) but if I do agree with what you're doing in the first place. I don't. Still any of the answers in this thread are correct. It will be always possible to reach you. It might be easier or harder but given the proper authority, it won't work.
Also consider something. You're hosting the files yourself so...streaming from your server. Even if you could do a bazilion things to hide that .xml file (that really concerns you) you should think more about the playing files. Those will be always exposed to the logs. The majority (if not all) of the users of these kind of services are just plain noobs (yeah it makes no sense to pay money for re-streaming content when certainly there are legit alternatives). This means a lot of logs will be available in public places. Writing a simple script to search for logs from users that have script.yourplugin installed is just plain simple. Probabilities that some of them will have played files are quite high. Your ip will always be exposed somehow.
Cheers