WebRTC and unwanted download of a file - webrtc

Theortical question here.. Is it possible that WebRTC would be misused to push files to everyone browsing the site?
Here's a scenario:
A malicious player shares a malicious file via a WebRTC platform and once someone has browsed that platform that file would be pushed into his system and preform its malicious act.
I know that when trying to access the webcam, WebRTC asks for the users permission, is it the same with file sharing?

Javascript doesn't have APIs that execute a file on the users system, for a number of good reasons.
WebRTC doesn't add such an API (and in itself, does not have a filesharing API).

Related

How to obtain list of Music Sources from the Sonos household?

I am trying to get a list of music services to which the Sonos household has a subscription. Is it possible to obtain such information from HTTP API or from any other source? If yes, then under what conditions?
I have analyzed the traffic between the Sonos Connect and Windows Sonos Controller. I discover, that information about music services is transmitted from Connect to Controller inside the ThirdPartyMediaServersX tag of the NOTIFY HTTP request. But this content is encoded in the base64-like cipher.
<e:propertyset xmlns:e="urn:schemas-upnp-org:event-1-0">
<e:property>
<ThirdPartyMediaServersX>
2:oZoYgaU5pqEq6IauQ1hYVS0oCUJnqbCkJL1vXP/DoeijejEwUBQT8UG0CksUG9VcarvLhCyElhKTUjfhQt0SAcV2oBOyLJ5BCmjd7TcJfPrVuTGHczd5/AS2tgj85n0U9yU9EwwHROFb5uV09syZNLVaZuJnENCWRKatIq1SNMm1SE4tHneLG6ULQoDOR50nf7TwyRQbkit8Bvy+kZyNPlrgBZFGmizoRmYjW8COFvHJpZhREEGruhQ2J6A8gnQOWyFzstAyHNZeLqp2xcNGnts6f2DQ56r/ducstbibFH0SZOZC0XM/BB4DvOT8UalezPL0R9/s8Jibm5T6mS1FWk14GWg2RMmRBIVE5G/gG2c=
</ThirdPartyMediaServersX>
</e:property>
</e:propertyset>
I expect to obtain list of music services, but the actual list were hidden.
As you figured out, Sonos disabled this functionality some time ago.
I've spend a lot of time figuring out how it works, and I now have a "work-a-round". External music services describes what to do.
And sonos-ts has support for external music services. If you read my first link and check the code in this library you should probably be able to figure out how to do that in your programming language.
I know this is no access to the list that is kept by Sonos, but this work-a-round also saves the tokens on the device for every client application to use.
Recently I've found someone who build an music service emulator. So that are both sides of external music services.
This is not supported by the Sonos API.

Soundcloud API Download

I am asking this here because Soundcloud does not have support. I going to build a website that people can purchase audio files from using Soundcloud to download the files (and stream before buy). I want to be able to access the download file link in the Soundcloud API without the download link being enabled and showing on the Soundcloud UI. I can't seem to find this info in the Soundcloud API docs. I am going to have a Paypal redirect after the payment to the download link. I know this is a weird way of doing this but I have certain criteria I have to meet. I would host the audio files on my server but they are huge. Anyone have experience with this or can help?
im not sure its possible to do what you want. (very easily at least)
there would be no way for the purchaser to access the 'download' track on soundcloud directly unless downloads are specifically enabled for that track.
really the only way to not host the files and still be able to provide the download would be to use the api to download or proxy the track from soundcloud to your server, using your credentials (because you always have access to your own tracks, download or stream). mind you this would use 2x the bandwidth usage (the server getting the track from soundcloud, and the client downloading the track), and storage space would only be impacked on a temporary bases. but. this is a pretty hacky way and not really a good/proper solution.
you can:
-compress/re-encode the audio as to not use as much disk space
-pay for more storage space at your web host, its usually pretty cheap thse days.
So you want to charge on something free? Well, I think all the downloader out there are middleware where they stream the track from soundcloud and response to client as attachment upon request, one of many examples is http://wittysound.com. Cheapest way to get thing done is providing direct link to soundcloud server like what http://soundflush.com does

Is there a callback in Dropbox API when file upload (sync) starts?

I am creating a web service that mashes up Dropbox, Soundcloud and Wordpress.
I need a callback when user places a file in his Dropbox folder so that I can update the browser user interface. Since it is possible to ask for a download link locally before a file is completely synced, I naturally expect it to be possible to get a callback when file sync has started on a file-by-file basis.
However according to what I experienced /delta only shows files that have finished syncing.
Is there a way to know when file sync starts? If it is not possible via Core API, could it be possible with a small client applet (java or something)?
The Dropbox API doesn't currently expose any notion of a pending upload or file sync status. It can only return information about files that have finished uploading.
Likewise, even with a client app running on the same OS, there currently isn't an interface for communicating with the official Dropbox desktop client to get this information.

can I ftp-upload a file from my web page?

Is there a client or plugin that allows me to put a frame/upload field on my web site that will let my users upload files to my ftp server without an ftp client software of their own? Preferrably one where I can pre-configure the ftp username/password automatically (from data I have stored about the logged-in user)?
In a digital signage solution we let users upload video files to their account, and currently have the solution of uploading via ftp (the file is then renamed and moved, users can NOT use this feature to share video files. Furthermore it is solely about videos they themselves made, no license breakage. Just as a disclaimer =)
try third-party software like uploadify, or a service like http://www.net2ftp.com/ which can be somewhat integrated with php.

Making a Youtbe video exclusive on my website

I have a Youtube video set to private so nobody can watch it via Youtube or the embedded player. However I do want people be to be able to watch it on my website. The goal is to make the video available exclusively on my website for a while before I open it to the world. I was thinking to login to my Youtube account seemlessly using Youtube's API and log out after the video's finished but that doesn't make security sense. What's your take on that?
I agree with your intuition. Making the private sharing secure seems tricky at best. Although the Data API has procedural authentication options, I don't think Player API has that facility. Furthermore even if it did, it's hard to see how it might work without exposing your password.
Your best bet is probably to directly host the video on your website. You would use your website's authentication for restricting access limited release video. Then when your ready for the public release you can either switch to YouTube hosting or relax the authentication of your self hosting. The Video for Everybody site has examples of several options for self hosting of videos.