EECOLOR a écrit : > Hello, > > As you might know, the combination of Flash player 9.0.115 and Flash > Media Server 3 allows for swf verification. This means that the > NetConnection will be closed if the swf where the call came from > will not match a physical swf present on the server. > > If it would be clear how this is done, we can secure our backends a bit > better without logging in. We can make sure calls to a server originate > from a certain swf. > > My guess is that in 9.0.115 the rtmp protocol was changed in order to > add a signature of the swf file. On the server the same swf will be > 'hashed' or something and this signature will be checked against the > incoming connection. I have no experience with reverse engeneering a > protocol. It would be nice to check the difference between a > NetConnection.connect call from an single swf in the player < > 9.0.115 and 9.0.115. <http://9.0.115.> > > Does any one have any ideas or tips about this?
You can try to connect to haxevideo (http://haxevideo.org) and check the log to see the parameters sent to NetConnection. However, haxevideo does not support yet AMF3 encoding so I wonder if it's available using AMF1 encoding. Nicolas _______________________________________________ osflash mailing list [email protected] http://osflash.org/mailman/listinfo/osflash_osflash.org
