Michael Klishin wrote:
On Thursday 28 September 2006 11:21, Alex Zimin wrote: Thats what i was thinking, i built a video feeds system which first sends key information to a soap service collects a temporary session, then returns back to our system with the session for secondary authentication. what is the performance issues for a client to first obtain a session/key by sending some details over secure link to an AMF application, obtain a key return back then authenticate the temporary session into the red5 application ? AS3 byte level access to data allows you to implement features you need to secure the stream. I don't know whether laszlo supports ActionScript3 because I use Flex 2. Hey mike, i use flex aswell, there is no documentation for what you meantion, what did you mean, where could i find info ? The other problemo about storing information in the client to obtain the key with is that its easily decompiled and readable. The biggest problem faced with both flash and windows media is that the connection information is easily sniffable using a packet sniffer, so the system would obviouslly have to work around that, i have easily broken into many FMS based streaming sites just to see how secure they've been setup, and the communication isnt very obvuscated and easily to identify. Windows media is worse, the full path is exposed within the plugin, and if having to spit our dynamic asx files thats even worse. in regards to obvuscating swf files is there any good ones for AS3 ? is it worth simply loading a dynamic script in the same path as the swf to do the authenticating ? |
_______________________________________________ Red5 mailing list [email protected] http://osflash.org/mailman/listinfo/red5_osflash.org
