Installation guide

Locking down your content
Regardlessofthesensitivityorownershipofyourcontent,you’llwanttoimplementsomelevelof
securitywhendeployingtotheweb.It’sbesttobeginbysecuringyourserver,thensecuringyour
content.Letsexamineeachofthesecuritymeasuresyoucantakeinmoredetail.
Restrict access from domains
Bydefault,aclientcanconnecttoFlashMediaServerfromanydomainorIPaddress,whichcan
beasecurityrisk.Youcancreateawhitelistofalloweddomains(orablacklistofbanned
domains)toensurethatonlyauthorizedclientscanconnecttoyourapplicationsorservices.You
canaddacomma-delimitedlistofdomainsand/orIP-addressblocksintheA dap tor.x ml or
vHost.x ml conguration les to add this level of security. is is usually the rst step in
locking down your server; it prevents malicious or unauthorized domains from freely accessing
your applications and streams.
User authentication
There are several methods of user authentication available with Flash Media Server 3. We will
discuss the server-side ActionScript method.
Server-side ActionScript
The next step to increase security would be to implement a user authentication scheme to
validate the connecting client. For example, using variables passed in through the client
NetConnection method, you could implement a simple username/password, an encrypted token
(MD5 Hash), or a unique key:
• Usercredentials(login/password):
NetConnection.connect(“rtmp..., u s e r n a m e ”, p a s s w or d);
• Encryptedtoken(MD5Hash):
NetConnection.connect(“rtmp..., 6aef79f07bc8f23c38e8979f3630f436);
• Uniquekey:
NetConnection.connect(“rtmp..., 349jh3k4324h9.234234098);
en,ontheserver-side,FlashMediaServerwouldbeabletointegratewithwebservices(SOAP),
FlashRemoting,XML,HTTPPost(loadVars)orsimpleleaccess,tovalidatetheclientbased
on the data sent. is authentication scheme could be as simple as checking login information
againstadatabase,orascomplexascreatinganSSL-basedtokensystemusingColdFusion.
Access adaptor plug-in
Improved feature in Flash Media Interactive Server; requires Flash Player 6 or later.
Anaccessadaptorisaserverplug-inwritteninC++thatinterceptsconnectionstotheserver,
and determines whether requests should be accepted, rejected, or redirected before the requests
reach the server’s script layer. You can create custom logic in the access adaptor to handle client
connection requests. For example, you could query your account database upon client login, and
then update the database record aer the client connection was accepted.
e access adaptor can be congured to accept or reject requests based on the number of clients
currently connected or the amount of bandwidth currently being consumed. You can also set
read and write access for les and folders on the server, set permissions to access audio and video
bitmap data, and inspect client properties through the access adaptor.
When you use the access adaptor, you are actually catching the connection before it is processed
byFlashMediaServer.Forthisreason,youarelimitedtotrappingonlytheconnectionevents.If
you want to apply additional rules aer the connection is established, you would need to
congure an authorization adaptor.
Note: There can only be one Access plug-in per Flash Media Interactive Server installation.