P. 1
Flash Media Server 3.5 Dev Guide

Flash Media Server 3.5 Dev Guide

|Views: 193|Likes:
Published by jameschu

More info:

Published by: jameschu on Dec 17, 2009
Copyright:Attribution Non-commercial


Read on Scribd mobile: iPhone, iPad and Android.
download as PDF, TXT or read online from Scribd
See more
See less





Use properties of the Client object

When a client connects to an application, the server creates a Client object that contains information about the client
and passes it to the application.onConnect() handler in Server-Side ActionScript. You can write server-side code
to access the properties of the Client object and use the values to verify the validity of the connecting client:

application.onConnect = function( pClient ) {

for (var i in pClient) {

trace( "key: " + i + ", value: " + pClient[i] );



Check the client’s IP address

❖In main.asc, check the value of client.ip and, if needed, reject the client’s connection to the application:



Developing interactive applications

if (client.ip.indexOf("60.120") !=0) {

application.rejectConnection(client, {"Access Denied"} );


Check an originating URL

❖In main.asc, check the value of client.referrer against a list of URLs that should be denied access. Make sure
that SWF files that are connecting to your application are coming from a location you expect. If you find a match,
reject the client’s connection:

referrerList = {};

referrerList["http://www.example.com"] = true;

referrerList["http://www.abc.com"] = true;

if (!referrerList[client.referrer]) {

application.rejectConnection(client, {"Access Denied"} );


Use a unique key

1In client-side ActionScript, create a unique key, as in the following code, which concatenates the local computer
time with a random number:

var keyDate = String(new Date().getTime());

var keyNum = String(Math.random());

var uniqueKey = keyDate + keyNum;

2Send the key to the server in the connection request:

nc.connect("rtmp://www.example.com/someApplication", uniqueKey);

3The following code in the main.asc file looks for the unique key in the connection request. If the key is missing or
has already been used, the connection is rejected. This way, if a connection is replayed by an imposter, the replay
attempt fails.

clientKeyList = new Object(); // holds the list of clients by key

application.onConnect = function( pClient, uniqueKey ) {

if ( uniqueKey != undefined ) { // require a unique key with connection request

if ( clientKeyList[uniqueKey] == undefined ) { // first time -- allow connection

pClient.uniqueKey = uniqueKey;

clientKeyList[uniqueKey] = pClient;


} else {

trace( "Connection rejected" );





application.onDisconnect = function( pClient ) {

delete clientKeyList[pClient.uniqueKey];




Developing interactive applications

Use an Access plug-in

An Access plug-in intercepts incoming requests before passing them on to Flash Media Interactive Server. You can
program an Access plug-in to use any form of authentication. For more information, see Adobe Flash Media
Interactive Server Plug-in Developer Guide.

You're Reading a Free Preview

/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->