-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello,
This has probably been covered before, but I couldn't find anything about it through searching or in the documentation. So please just point me to a resource if this has been covered. I have a site that allows people to save flv files on my server. If am user id # 120 on the site, then the file saved in streams is user120.flv. This works great. However, it is extremely insecure. I pass the user id # into the swf through an html parameter. A user could simply craft their own page, initializing the swf with someone else's id, and overwrite their file. How can I protect against this? Do I have to send the user's username and password from the swf file, and then check that with a script on the red5 side? Ideas? Thanks, red5 is the best! Mike -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFeek5mL1efSBUCaQRAv7+AKCgo2WYspTD2s1QwVeo3fnBZjOhkwCgu1OX RtYLRFsneSwiamVwuoxtfF4= =DgBA -----END PGP SIGNATURE----- _______________________________________________ Red5 mailing list [email protected] http://osflash.org/mailman/listinfo/red5_osflash.org
