Simple protection of content from Flash Media Server

I was called to resolve a problem with the protection of the contents of a client, the problem was that somebody malicious was stealing their live streams.
He simply took the html code of the site and pasted on her website, so you may transmit the content in your blog. The player in question was not developed by me, so I did not even bother to look at the source, I decided to go directly to the Flash Media Server.
Based on the documentation from Adobe, I decided in a very simple code main.asc is as follows:
[JAVASCRIPT]
trace(“init application…”);

var VALID_REFERRER = “http://www.mydomain.com.br/mySwf.swf”;
var VALID_PAGEURL = “http://www.mydomain.com.br/myPage.html”;

application.onAppStart = function ()
{
trace(“init app…”);
trace(“onAppStart> ” + application.name + ” is starting at ” + new Date());
};

application.onStatus = function (info)
{
trace(“onStatus> info.level: ” + info.level + “, info.code: ” + info.code);
trace(“onStatus> info.description: ” + info.description);
trace(“onStatus> info.details: ” + info.details);
};

application.onConnect = function (client)
{
if ((client.referrer == VALID_REFERRER && client.pageUrl == VALID_PAGEURL))
{
trace(“acesso permitido”);
application.acceptConnection(client);
}
else
{
trace(“acesso indevido”);
application.rejectConnection(client)
}
trace(“onConnect> client.ip: ” + client.ip);
trace(“onConnect> client.pageUrl: ” + client.pageUrl);
trace(“onConnect> client.agent: ” + client.agent);
trace(“onConnect> client.referrer: ” + client.referrer);
trace(“onConnect> client.protocol: ” + client.protocol);
};

application.onDisconnect = function (client)
{
trace(“onDisconnect> client.name: ” + client.name)
trace(“onDisconnect> disconnecting at: ” + new Date());
};

application.onAppStop = function (info)
{
trace(“onAppStop> application.name: ” + application.name);
trace(“onAppStop> stopping at ” + new Date());
trace(“onAppStop> info.level: ” + info.level);
trace(“onAppStop> info.code: ” + info.code);
trace(“onAppStop> info.description: ” + info.description);
};
[/JAVASCRIPT]
The API Flash Media Server is very powerful and contains many interesting features, one of them is the ability to know where exactly the connection is coming from the swf. This passage has solved the problem with the constants declared at the beginning of the file.
[JAVASCRIPT]
if ((client.referrer == VALID_REFERRER && client.pageUrl == VALID_PAGEURL))
{
trace(“acesso permitido”);
application.acceptConnection(client);
}
else
{
trace(“acesso indevido”);
application.rejectConnection(client)
}
[/JAVASCRIPT]
In short, so the connection is made with Flash Media Server is attempting to connect comes from a SWF and HTML defined by me.
A very simple solution but it solved the problem 😀
As a last resort, the thief also copied the swf client and put into your blog 😛

References:
http://www.adobe.com/devnet/flashmediaserver/articles/protecting_video_fms.pdf
http://www.flashcomguru.com/index.cfm/2007/7/3/video-content-protection
http://www.adobe.com/devnet/flashmediaserver/articles/digital_media_protection.html
http://www.adobe.com/devnet/flashmediaserver/articles/protecting_video_fms.html
http://blogs.adobe.com/security/2007/07/how_to_protect_flash_video_wit.html

Was this article helpful? feel free to make a donation and help keep the blog in the air
Flash, Flash Media Server ,

1 comment


  1. radhu karthi

    hi
    i follow the steps of your Integrating Flex with Java using BlazeDS – first steps

    i create all files to folow your url

    but i got error at compilation time
    the error is
    Error: Type was not found or was not a compile-time constant: ContatosVO.
    could u help me to suggest to solve problems
    reg
    radhukarthi

Leave a Reply