Hi Mike,

as you mentioned, passing values without any validation to your application isn't a good idea. This gives the user a lot of space to cheat your application. Probably you can adapt my solution for your needs.

I have a db table with username, password, unique ID, sessionID. On the website the users are logging in, and if the user passed the authentication I'm saving the current session id in this table. Then I build an md5 hash out of

    md5($id.$sessionid.$username.$ipaddress)

This hash and the userid I'm passing to red5, where I perform

    str_db_sql = "SELECT md5(concat(CustID,CustSessionID,CustLoginName,'"+str_clientip+"')) ";
    str_db_sql += "AS hash FROM customer WHERE CustLoginName='" + str_userName + "';";

Important: the session has to expire when the browser is closed. Any additional value you may need you should have in this table.

I guess this is pretty secure! What do you think about it?

Hey list, what do you think too? Is it cheatable?

greets
-Adam-
_______________________________________________
Red5 mailing list
[email protected]
http://osflash.org/mailman/listinfo/red5_osflash.org
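
The lookup described in the message above, as an added example that is not part of the original post: the same query with bound parameters in place of string concatenation, so the user name and client IP are always treated as data, followed by a constant-time comparison of the recomputed and presented hashes. Python with an in-memory SQLite database stands in for the Red5 and database side; the table row, the registered md5()/concat() helpers and all function names are assumptions made for the demo.

```python
import hashlib
import hmac
import sqlite3

# The query from the post, with bound parameters instead of concatenated strings.
QUERY = ("SELECT md5(concat(CustID,CustSessionID,CustLoginName,?)) AS hash "
         "FROM customer WHERE CustLoginName=?")


def open_demo_db():
    """In-memory stand-in for the customer table (constructed sample row)."""
    conn = sqlite3.connect(":memory:")
    # SQLite has no md5(); register md5() and concat() helpers for this demo only.
    conn.create_function("md5", 1, lambda s: hashlib.md5(s.encode()).hexdigest())
    conn.create_function("concat", -1, lambda *parts: "".join(str(p) for p in parts))
    conn.execute("CREATE TABLE customer (CustID INTEGER, CustSessionID TEXT, "
                 "CustLoginName TEXT UNIQUE)")
    conn.execute("INSERT INTO customer VALUES (?, ?, ?)",
                 (42, "sess-abc123", "adam"))
    return conn


def client_hash(cust_id, session_id, user_name, ip):
    """What the website side computes: md5($id.$sessionid.$username.$ipaddress)."""
    joined = f"{cust_id}{session_id}{user_name}{ip}"
    return hashlib.md5(joined.encode()).hexdigest()


def verify(conn, user_name, client_ip, presented_hash):
    """Recompute the hash server-side and compare it to the presented one."""
    # Both values are bound, never spliced into the SQL text.
    row = conn.execute(QUERY, (client_ip, user_name)).fetchone()
    if row is None or row[0] is None:
        return False  # unknown login name
    # Compare as bytes in constant time; non-ASCII input is handled safely.
    return hmac.compare_digest(row[0].encode(), presented_hash.encode())
```
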
