How to control which users can see which videos

Imagine you have a large 开发者_如何学运维number of video files stored on a server, and a Flex app which lets users play those videos they have access to. How can you best set this up? Wouldn't the Flex app just be sent the name of the video to play... in which case couldn't someone else write another flex app if they knew the file names? Can Flex play videos hosted on other sites? Is there some clever piece on the server I'm missing, which sits between the Flex video player and the files?

Ask users to log-in with a username and password - you can use OpenID if you want.

Update:
Set the crossdomain.xml of your server in such a way that only Flash movies from your domain can access content from there.

You can write a server-side script (in PHP or something else) that serves the file only if your user is allowed to see it (how to determine that you'll have to come up with yourself). This is a bit of a performance hit, although not so much if you use PHP's readfile().

Can Flex play videos hosted on other sites?

Your crossdomain.xml can control this. e.g. myvideoserver.com/crossdomain.xml would contain entries based on who you want to grant access to, like myflexserver.com. Then just ripping off your main flex application wouldn't give them access to your video files.