Yes. Never ever show it to anyone. As soon as you do, all bets are off (for less paranoid answer, see last paragraph).
This is the common problem with copy protection: you are unable, by any means, to distinguish between a legitimate user and an adversary (as they may even be the same person).
Edit: re “my users can able to watch the video. but they must not be able to download that video”
Let’s try and disassemble this:
- the user clicks the mouse on your player’s “Play” button
- the click goes through the computer’s OS to your player
- the player sends a request through the network “send me teh videos” to your server
- (this, by definition, requires that the request goes through the whatever networking stack the user’s computer has)
- the server, if it decides that it’s a legitimate player, begins sending data to the user’s computer.
- (this, also by definition, means, that the user’s computer is “downloading” the data)
- *the data comes through the network into the computer (although capturing the data at this stage is more practical for the NSA than for a user)
- *the OS handles the lower data layers (i.e. “this is a data packet, from $yourserver to me, and should be passed on to $yourapp”)
- *the OS passes the data to the app that requested it
- the player receives the data
- *the player transforms the data into a sequence of images (a.k.a. a video) and a sound track
- *the player sends the images to the OS’s display subsystem, or saves it to disk
- *the display system transforms the images into a format the screen understands
- *the images flow through a cable into the screen
- *the images are displayed on the screen (at which point they exit the computer in form of light)
- the light reaches the user’s eyes
Your video can be intercepted (and/or modified) at every point marked with * (although quality of the copy may decrease, esp. when capturing the analog output). Unless you can somehow eliminate each and every of those (good luck with the last one), all you can do is make the data capture/transform more complex. There’s a whole industry built around these “weak points” (google “stream ripping” to see for yourself).
You can complicate the capture with various DRM technologies, but in the end, the data stream must become analog video and analog audio (a.k.a. light and sound) somewhere.
However, if you don’t care that a determined user will bypass your protection, and if it’s enough to protect the video from 90% of users, I believe the Real formats that you mentioned do have some flag “don’t allow save”. This will disable the “save as” option in the player (i.e. the “or saves it to disk” option above); for most users, this will be a significant enough barrier. Anything more will probably inconvenience and anger 100% of your users, while not providing significantly more protection.