Help Center/ Video On Demand/ FAQs/ Security/ What Are the Differences Between HLS Encryption and Hotlink Protection?
Updated on 2022-10-24 GMT+08:00

What Are the Differences Between HLS Encryption and Hotlink Protection?

HLS encryption: TS data in the M3U8 file is encrypted. Before playback, the player requests the encryption key via the encryption key address and it can play audio and video only after the correct decryption key is obtained.

URL validation: An authentication string is added to the playback URL. Only a valid authentication URL can pass the verification and be played. Due to the validity period of the authentication string, the content can be played only within the specified validity period, which can effectively prevent unauthorized playback.

Referer validation: Only users using domain names in the whitelist or not in the blacklist can pull video resources.

Table 1 Differences

Security Mechanism

Security Measure

Characteristics

Security Level

Usage Threshold

Referer validation

Referer blacklist and whitelist

Control request sources based on HTTP request headers. However, HTTP request headers are easy to be forged.

Low

Low. This can only be configured on the console. For details, see Configuring Hotlink Protection to Control Who Can Play Media.

URL Validation

URLs that expire

Append a time-sensitive authentication string to the playback URL.

Medium

Low. After this is configured on the console, an authentication URL can be directly obtained from the console or created by setting parameters. For details, see Configuring Hotlink Protection to Control Who Can Play Media.

HLS encryption

HLS AES encryption

Content is encrypted with the AES-128 standard. All HLS players are supported.

High

High. You need to deploy the Key Management Service (KMS) and token generation service. For details, see Protecting Videos with HLS Encryption.