I have a site which plays some movies behind a password protection page.
The movie files are hosted on Amazon S3 and set to private
I'm using the FV flowplayer plugin and have put in my accesskey and secret access key.
If I then look at the source of the movie page I get a url:
Which anyone can then paste into a browser to watch the movie.
Am I missing something here? I thought the whole point of private files was that the keys are hidden so users can't access the files directly.
Is there another way to keep the movies secure so they can only be watched when logged into my site?