I believe I could authenticate a client when it connects because the connection (and is client) is passed to the ApplicationAdapter's appConnect() method. But when you call a method from the flash client, the RTMPHandler's invokeCall() doesn't forward the connection (and client) to the method. How do I know who is executing that method? Do I need to modify the Red5 code? Is there a way to inject a check at the RTMPHandler via AOP? Do these questions make sense? :)
----- Original Message ----- From: Roberto Saccon <[EMAIL PROTECTED]> Date: Friday, June 16, 2006 12:46 pm Subject: Re: [Red5] Security Question To: [email protected] > You need to add authentication. When connecting, the client need to > pass some extra arguments (such as user/password or HTTP session ID > from cookie) encoded into the connection url, then I think its > easy to > find out who called what, but you need to do some serverside coding > ... > > On 6/16/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > > How do I know who (what client) is executing a server side > method from > > a flash client? If a connected flash client executes the method > > _connection.call("Server.someServerMethod", null, param1 ); > > on that connection, how do I know who that client is? Is it > possible> so that I can see if that user is allowed to execute it? > -David > > > > > > > > _______________________________________________ > > Red5 mailing list > > [email protected] > > http://osflash.org/mailman/listinfo/red5_osflash.org > > > > > -- > Roberto Saccon > > _______________________________________________ > Red5 mailing list > [email protected] > http://osflash.org/mailman/listinfo/red5_osflash.org > _______________________________________________ Red5 mailing list [email protected] http://osflash.org/mailman/listinfo/red5_osflash.org
