Simple protection of content from Flash Media Server
I was called to resolve a problem with the protection of the contents of a client, the problem was that somebody malicious was stealing their live streams.
He simply took the html code of the site and pasted on her website, so you may transmit the content in your blog. The player in question was not developed by me, so I did not even bother to look at the source, I decided to go directly to the Flash Media Server.
Based on the documentation from Adobe, I decided in a very simple code main.asc is as follows:
-
trace("init application...");
-
-
var VALID_REFERRER = "http://www.mydomain.com.br/mySwf.swf";
-
var VALID_PAGEURL = "http://www.mydomain.com.br/myPage.html";
-
-
application.onAppStart = function ()
-
{
-
trace("init app...");
-
trace("onAppStart> " + application.name + " is starting at " + new Date());
-
};
-
-
application.onStatus = function (info)
-
{
-
trace("onStatus> info.level: " + info.level + ", info.code: " + info.code);
-
trace("onStatus> info.description: " + info.description);
-
trace("onStatus> info.details: " + info.details);
-
};
-
-
application.onConnect = function (client)
-
{
-
if ((client.referrer == VALID_REFERRER && client.pageUrl == VALID_PAGEURL))
-
{
-
trace("acesso permitido");
-
application.acceptConnection(client);
-
}
-
else
-
{
-
trace("acesso indevido");
-
application.rejectConnection(client)
-
}
-
trace("onConnect> client.ip: " + client.ip);
-
trace("onConnect> client.pageUrl: " + client.pageUrl);
-
trace("onConnect> client.agent: " + client.agent);
-
trace("onConnect> client.referrer: " + client.referrer);
-
trace("onConnect> client.protocol: " + client.protocol);
-
};
-
-
application.onDisconnect = function (client)
-
{
-
trace("onDisconnect> client.name: " + client.name)
-
trace("onDisconnect> disconnecting at: " + new Date());
-
};
-
-
application.onAppStop = function (info)
-
{
-
trace("onAppStop> application.name: " + application.name);
-
trace("onAppStop> stopping at " + new Date());
-
trace("onAppStop> info.level: " + info.level);
-
trace("onAppStop> info.code: " + info.code);
-
trace("onAppStop> info.description: " + info.description);
-
};
The API Flash Media Server is very powerful and contains many interesting features, one of them is the ability to know where exactly the connection is coming from the swf. This passage has solved the problem with the constants declared at the beginning of the file.
-
if ((client.referrer == VALID_REFERRER && client.pageUrl == VALID_PAGEURL))
-
{
-
trace("acesso permitido");
-
application.acceptConnection(client);
-
}
-
else
-
{
-
trace("acesso indevido");
-
application.rejectConnection(client)
-
}
In short, so the connection is made with Flash Media Server is attempting to connect comes from a SWF and HTML defined by me.
A very simple solution but it solved the problem 
As a last resort, the thief also copied the swf client and put into your blog 
References:
http://www.adobe.com/devnet/flashmediaserver/articles/protecting_video_fms.pdf
http://www.flashcomguru.com/index.cfm/2007/7/3/video-content-protection
http://www.adobe.com/devnet/flashmediaserver/articles/digital_media_protection.html
http://www.adobe.com/devnet/flashmediaserver/articles/protecting_video_fms.html
http://blogs.adobe.com/security/2007/07/how_to_protect_flash_video_wit.html
Flash, Flash Media Server | Leonardo França | 
March 5, 2010 2:27 pm
1 Comment
Other Links to this Post
RSS feed for comments on this post. TrackBack URI
Subscribe
By radhu karthi, March 31, 2010 @ 9:32 am
hi
i follow the steps of your Integrating Flex with Java using BlazeDS – first steps
i create all files to folow your url
but i got error at compilation time
the error is
Error: Type was not found or was not a compile-time constant: ContatosVO.
could u help me to suggest to solve problems
reg
radhukarthi