>From what I remember, you can do it ( via FMS ) by checking the Client.referrer property and use application.rejectConnection to reject the user if Client.referrer does not equal what you want.
On Mon, May 26, 2008 at 7:24 AM, EECOLOR <[EMAIL PROTECTED]> wrote: > Hello, > > As you might know, the combination of Flash player 9.0.115 and Flash Media > Server 3 allows for swf verification. This means that the NetConnection will > be closed if the swf where the call came from will not match a physical > swf present on the server. > > If it would be clear how this is done, we can secure our backends a bit > better without logging in. We can make sure calls to a server originate from > a certain swf. > > My guess is that in 9.0.115 the rtmp protocol was changed in order to add a > signature of the swf file. On the server the same swf will be 'hashed' or > something and this signature will be checked against the incoming > connection. I have no experience with reverse engeneering a protocol. It > would be nice to check the difference between a NetConnection.connect call > from an single swf in the player < 9.0.115 and 9.0.115. > > Does any one have any ideas or tips about this? > > > Greetz Erik > > _______________________________________________ > osflash mailing list > [email protected] > http://osflash.org/mailman/listinfo/osflash_osflash.org > >
_______________________________________________ osflash mailing list [email protected] http://osflash.org/mailman/listinfo/osflash_osflash.org
