Al Melquist wrote: > HORAAY! > > I agree. White hats are ok but if you hit a homerun app and have a ton > of people using Red 5 server on or worse off site managed/unmanaged - > this could attract black hats. And is the reason we have not made our > live video share public yet. > > Last week I had to add md5 to admin login etc to an open source project > config file (sitting exposed out on the edge) because the developer > community did not think of security. > > I think everyone is so into getting app's to work and your all so > friendly to each other - you forget black hats are out there to cause > havoc. > Black hats are always out there, hence the need to firewall your server and ip filter ssh etc ;)
The main need for it arises in the fact most clients like flash and windows media expose their server urls and interaction, the windows media player is worse, it will expose the raw link. And the worst of it is, coding an auth plugin for it is painful, you have to be a DRM expert to know how to code it as the api is poorly documented then you need to know MS c++ to plug it into the console so I never managed to do it. I think doing it in Red5 should be easy enough, I made some suggestions for how it may work in functionality in a thread last week. _______________________________________________ Red5 mailing list [email protected] http://osflash.org/mailman/listinfo/red5_osflash.org
