Share via


Using Secure Sockets when Downloading Playlists

It is recommended that you use Secure Sockets Layer (SSL) when any of the following are used in the query string of an httpd URL.

  • %UserName%

  • %PublishingPointPath%

  • %UserCookie_CookieName%

The preceding strings allow you to send sensitive information that can be captured by unauthorized individuals who are monitoring your network connection. For example, if you send %PublishingPointPath% to the Web server in clear text, you are effectively divulging your file system architecture. To use SSL, connect to the Web server by using httpsd in the URL rather than httpd. This is illustrated by the following example.

    <?wsx version="1.0"?>
    <smil>
        <media src="httpsd://web_server/playlist.asp?
              User=%UserName%&amp;
              UserID=%UserID%&amp;
              ClientIP=%UserIP% />
    </smil>

SSL is an established standard for ensuring secure HTTP transactions. SSL provides a mechanism to perform encryption on transactions between the client and server. Typically, it enables the client to verify that the server belongs to a trusted entity by using server certificates, and it enables the server to confirm the identity of the client by using client certificates. However, Windows Media Services does not support client certificates. Therefore, to use SSL, you must connect to a Web server that has a valid server certificate and does not require client authentication. The administrator of the Web server can acquire a certificate from a trusted certification authority, or the administrator can use Certificate Services in Windows to create a certification authority to issue and revoke certificates. For more information about Certificate Services, see Windows Help and Support.

See Also

Concepts

Downloading a Playlist from a Web Server