[osflash] SWF Verification
EECOLOR
eecolor at gmail.com
Mon May 26 04:24:25 PDT 2008
Hello,
As you might know, the combination of Flash player 9.0.115 and Flash Media
Server 3 allows for swf verification. This means that the NetConnection will
be closed if the swf where the call came from will not match a physical
swf present on the server.
If it would be clear how this is done, we can secure our backends a bit
better without logging in. We can make sure calls to a server originate from
a certain swf.
My guess is that in 9.0.115 the rtmp protocol was changed in order to add a
signature of the swf file. On the server the same swf will be 'hashed' or
something and this signature will be checked against the incoming
connection. I have no experience with reverse engeneering a protocol. It
would be nice to check the difference between a NetConnection.connect call
from an single swf in the player < 9.0.115 and 9.0.115.
Does any one have any ideas or tips about this?
Greetz Erik
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://osflash.org/pipermail/osflash_osflash.org/attachments/20080526/65737f30/attachment.html
More information about the osflash
mailing list