Simple protection of content from Flash Media Server

I was called in to resolve a content-protection problem for a client: somebody malicious was stealing their live streams.
He simply took the HTML code of the site and pasted it into his own website, so that he could broadcast the content on his blog. The player in question was not developed by me, so I did not even bother to look at its source; I decided to go directly to the Flash Media Server.
Based on the documentation from Adobe, I settled on a very simple main.asc, as follows:
[JAVASCRIPT]
trace("init application...");

// Only connections coming from this SWF, embedded in this page, are accepted.
var VALID_REFERRER = "http://www.mydomain.com.br/mySwf.swf";
var VALID_PAGEURL = "http://www.mydomain.com.br/myPage.html";

application.onAppStart = function ()
{
    trace("init app...");
    trace("onAppStart> " + application.name + " is starting at " + new Date());
};

application.onStatus = function (info)
{
    trace("onStatus> info.level: " + info.level + ", info.code: " + info.code);
    trace("onStatus> info.description: " + info.description);
    trace("onStatus> info.details: " + info.details);
};

application.onConnect = function (client)
{
    // client.referrer is the URL of the connecting SWF, client.pageUrl the page embedding it.
    if (client.referrer == VALID_REFERRER && client.pageUrl == VALID_PAGEURL)
    {
        trace("acesso permitido"); // "access allowed"
        application.acceptConnection(client);
    }
    else
    {
        trace("acesso indevido"); // "improper access"
        application.rejectConnection(client);
    }
    // Log the connection details for both accepted and rejected clients.
    trace("onConnect> client.ip: " + client.ip);
    trace("onConnect> client.pageUrl: " + client.pageUrl);
    trace("onConnect> client.agent: " + client.agent);
    trace("onConnect> client.referrer: " + client.referrer);
    trace("onConnect> client.protocol: " + client.protocol);
};

application.onDisconnect = function (client)
{
    trace("onDisconnect> client.name: " + client.name);
    trace("onDisconnect> disconnecting at: " + new Date());
};

application.onAppStop = function (info)
{
    trace("onAppStop> application.name: " + application.name);
    trace("onAppStop> stopping at " + new Date());
    trace("onAppStop> info.level: " + info.level);
    trace("onAppStop> info.code: " + info.code);
    trace("onAppStop> info.description: " + info.description);
};
[/JAVASCRIPT]
The Flash Media Server API is very powerful and has many interesting features; one of them is the ability to know exactly where the SWF making the connection comes from. The following passage, together with the constants declared at the beginning of the file, solved the problem.
[JAVASCRIPT]
if (client.referrer == VALID_REFERRER && client.pageUrl == VALID_PAGEURL)
{
    trace("acesso permitido"); // "access allowed"
    application.acceptConnection(client);
}
else
{
    trace("acesso indevido"); // "improper access"
    application.rejectConnection(client);
}
[/JAVASCRIPT]
In short, a connection to Flash Media Server is accepted only when the connection attempt comes from the SWF and the HTML page defined by me.
A very simple solution, but it solved the problem 😀
As a last resort, the thief also copied the client SWF and put it on his blog 😛
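
An added example, not code from the original post: the same referrer/pageUrl test written as an allow-list that parses each URL, so a query string, `https`, or a different letter case in the host does not lock out the real player, while a missing value or a look-alike host is rejected with a reason that can be logged. Assumptions: it is plain ES3-style JavaScript intended to be pasted into main.asc, `parseHttpUrl`, `checkUrl` and `decideConnection` are hypothetical names, and both properties are values reported by the connecting client, so the check stops copied embeds rather than authenticating the player.

```javascript
// Added example: allow-list check for client.referrer and client.pageUrl.
// Host and paths are the post's placeholder values.
var ALLOWED_HOSTS = { "www.mydomain.com.br": true };
var ALLOWED_SWF_PATHS = { "/mySwf.swf": true };
var ALLOWED_PAGE_PATHS = { "/myPage.html": true };

// Split an http(s) URL into a lower-cased host and a path. Port, query string
// and fragment are ignored. Empty, non-string, non-http(s) or userinfo-bearing
// values return null.
function parseHttpUrl(url) {
    if (typeof url !== "string") { return null; }
    var m = /^(https?):\/\/([^\/?#:@]+)(?::\d+)?(\/[^?#]*)?(?:[?#].*)?$/i.exec(url);
    if (!m) { return null; }
    return { host: m[2].toLowerCase(), path: m[3] || "/" };
}

// Returns null when the URL is acceptable, otherwise a short reason string.
function checkUrl(url, allowedPaths) {
    var u = parseHttpUrl(url);
    if (!u) { return "missing or malformed"; }
    // Exact host match: a prefix test would accept "www.mydomain.com.br.<other>".
    if (!ALLOWED_HOSTS.hasOwnProperty(u.host)) { return "host not allowed: " + u.host; }
    if (!allowedPaths.hasOwnProperty(u.path)) { return "path not allowed: " + u.path; }
    return null;
}

// Takes a client-like object with referrer and pageUrl properties, as in the
// post's onConnect handler, and returns { allow: boolean, reason: string }.
function decideConnection(client) {
    var why = checkUrl(client.referrer, ALLOWED_SWF_PATHS);
    if (why) { return { allow: false, reason: "referrer " + why }; }
    why = checkUrl(client.pageUrl, ALLOWED_PAGE_PATHS);
    if (why) { return { allow: false, reason: "pageUrl " + why }; }
    return { allow: true, reason: "ok" };
}

// Inside application.onConnect this would replace the if/else:
//   var d = decideConnection(client);
//   if (d.allow) { application.acceptConnection(client); }
//   else {
//       trace("rejected " + client.ip + ": " + d.reason);
//       application.rejectConnection(client);
//   }
```

Logging the rejection reason together with `client.ip` shows which pages are embedding the player without permission.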

References:
http://www.adobe.com/devnet/flashmediaserver/articles/protecting_video_fms.pdf
http://www.flashcomguru.com/index.cfm/2007/7/3/video-content-protection
http://www.adobe.com/devnet/flashmediaserver/articles/digital_media_protection.html
http://www.adobe.com/devnet/flashmediaserver/articles/protecting_video_fms.html
http://blogs.adobe.com/security/2007/07/how_to_protect_flash_video_wit.html
