[Red5] Security Features

grant@bluetube.com grant at bluetube.com
Sat Oct 22 21:46:40 PDT 2005 

I guess it all depends on how its used.  We can use something like sleepy cat for our embeded authorizations but something like that could be quiet alien to other users of red5 when they want to implement persistence or authorization.  For example lets suppose you are buiding a game and you want registered users, and users are now allowed to the next level of the game until they get a certain score, you could code all this but if we built a security engine that was "generic" this could be implemented through configuration instead of code.  We could come up with a generic table for users, but what happens when you want multiple tables on the same server but for different sets of users, something like sleepy cat could be a little alien to developers who want to create those tables and then have red5 give them access to the data.  I think the driving force behind red5 at this point is really a rtmp enabled application server, not in the J2EE sense but its the "services" and features sense and I'd like to keep it as easy to use/customize as possible...

anyway, I'll look into both sleepycat, embedded mysql and that ibm thing.. :)

Grant



----- Original Message -----
From: hank williams hank777 at gmail.com
To: Red5 at osflash.org
Sent: 10/22/05 11:30 PM
Subject: Re: [Red5] Security Features

> I am pretty sure sleepycat is *not* compatible with hibernate. It is
> really too low level a concept I think to map to hibernate.
> 
> I think you really would only use sleepycat if you dont mind it being
> a little harder, and you really want performance. In that regard it is
> unbeatable. But hibernate will kick its butt regarding ease of
> development.
> 
> Hank
> 
> On 23 Oct 2005 03:10:17 -0000, grant at bluetube.com  wrote:
> > Actually that sounds fine, with hibernate you end breaking relationships, the thing you use them for is for data integrity only,
> >
> > for example image we have a user that has 1 or more orders and each order has 1 or order items.
> >
> > in the mysql I would still do user table, order table with foreign key to user table, order items table with foreign key to orders table.  so now we can't insert an order without a valid user or insert an item without a valid order.
> >
> > In hibernate you then would create a DAO with methods like
> >
> > getUsers()
> > getUser(int userId)
> > getOrder(int orderId)
> > getUsersOrders(userId)
> > getOrderItems(orderId)
> >
> > the only downer here is hibernate supports some specific databases and I'm not sure this one is covered, I've got to tell you, hibernate is the best thing I've used since sliced bread when it comes to databases, its chopped by dev time in 1/2.
> >
> > Grant
> >
> > ----- Original Message -----
> > From: hank williams hank777 at gmail.com
> > To: Red5 at osflash.org
> > Sent: 10/22/05 11:01 PM
> > Subject: Re: [Red5] Security Features
> >
> > > Well, I have never worked with sleepycat myself, but my buddy
> > > recommended it to me and so I got the full story a year or so ago. The
> > > only reason I didnt use it is that my project spec changed and it was
> > > no longer appropriate.
> > >
> > > Regarding creating relations, sleepycat is is more low level, which
> > > makes anything possible. Basically, you create tables or databases but
> > > to create a relation in any flat system you have to do the relation
> > > manually. So lets say that you want to find all the logins for a given
> > > user, you would first look in the user table and get the user ID. then
> > > you would look in the login table for all the records that had the
> > > given user ID. It is a two step process instead of a one step process
> > > as it would be in mysql. On the other hand, I believe the sleepycat
> > > java version will return native java objects.
> > >
> > > So it is more low level, but for the task at hand it is doable.
> > >
> > > What I would do would be to create a very high level class for
> > > everything I wanted to do with a non db specific API. I would
> > > initially implement it the embedded way using whatever embedded db
> > > engine makes sense. Then (perhaps after 1.0) I would implement a JDBC
> > > way. This would give you embedability, super fast performance, and
> > > later, modularity for people that want to use an existing user
> > > database.
> > >
> > > Using something like sleepycat will be *slightly* more work upfront
> > > than mysql, but it will be faster and smaller, will require no db
> > > administration, and will be simpler to install.
> > >
> > > Regards
> > > Hank
> > >
> > > On 23 Oct 2005 02:42:02 -0000, grant at bluetube.com  wrote:
> > > > ok cool, I'll take a look, even though its flat it can represent relationships right ?  sorry if thats a dumb question but I've seen relational data put into LDAP with disasterous results :)
> > > >
> > > > Grant
> > > >
> > > > ----- Original Message -----
> > > > From: hank williams hank777 at gmail.com
> > > > To: Red5 at osflash.org
> > > > Sent: 10/22/05 10:24 PM
> > > > Subject: Re: [Red5] Security Features
> > > >
> > > > > Oh its definitely embedable.
> > > > >
> > > > > It is the most kick ass flat database on the planet. Its inside of all
> > > > > sorts of cool stuff. I cant speak directly to the java version, but I
> > > > > can say that these guys probably know more about how to make a flat
> > > > > super fast database than anyone on the planet. Its definitely usable
> > > > > for this kind of task if it suits your design goals.
> > > > >
> > > > > Regards
> > > > > Hank
> > > > >
> > > > > On 23 Oct 2005 02:18:48 -0000, grant at bluetube.com  wrote:
> > > > > > I'm not familiar with sleepy cat, I just googled it there are various versions, depending on if you need transactions etc... it doesn't look like its "embedable" but we can look more into it.
> > > > > >
> > > > > > Grant.
> > > > > >
> > > > > > ----- Original Message -----
> > > > > > From: hank williams hank777 at gmail.com
> > > > > > To: Red5 at osflash.org
> > > > > > Sent: 10/22/05 10:13 PM
> > > > > > Subject: Re: [Red5] Security Features
> > > > > >
> > > > > > > Let me ask another question that might be a bit heretical.
> > > > > > >
> > > > > > > What exactly would the hairy issues be about using a flat high
> > > > > > > performance system like sleepycat?
> > > > > > >
> > > > > > > In terms of the persistent store it seems to me relational capability
> > > > > > > is totally irrelevant, and I would think that it would not be hard to
> > > > > > > build a directory with such a system.
> > > > > > >
> > > > > > > Dont throw any breakable objects!
> > > > > > >
> > > > > > > Hank
> > > > > > >
> > > > > > > On 23 Oct 2005 01:53:35 -0000, grant at bluetube.com  wrote:
> > > > > > > > cloudscape is the ibm database, unless is recently matured I'd be a bit worried about using it as it was really designed for low user use.  We used it to test our portal and once you got over 10 concurrent connections it couldn't handle it, it was really designed as a developers database.  did you have specific issues with mysql, I like it due to be it being cross platfom, highly supported, fast and free.  It runs on windows and unix (not tried it on osx).
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > > Grant.
> > > > > > > >
> > > > > > > > ----- Original Message -----
> > > > > > > > From: hank williams hank777 at gmail.com
> > > > > > > > To: Red5 at osflash.org
> > > > > > > > Sent: 10/22/05 9:08 PM
> > > > > > > > Subject: Re: [Red5] Security Features
> > > > > > > >
> > > > > > > > > On 23 Oct 2005 00:53:51 -0000, grant at bluetube.com  wrote:
> > > > > > > > > > So now I can breathe again I've been looking into security and need some feedback from the team, I talking mainly about authorization rather than authentication which is "what can I do" rather than "who are you".
> > > > > > > > > >
> > > > > > > > > > 1) authorization data is typically relational and although we could put it in a file based system it could get quite nasty.  I'd like to propose we use mysql and wanted to know what you guys thought.  I was thinking we could do authorization in a file based system or openLDAP that way those that don't want authorization don't need to trouble of a database.  I was also thinking that I would like to design this so you don't have to include authorization at all therefore simplifing deployment for those who don't need it, and removing the need for mysql. acegisecurity supports most databased and seems simple and non intrusive, it also supports hibernate.
> > > > > > > > > >
> > > > > > > > >
> > > > > > > > > I know I am not on the "team" but I hope you dont mind if I contribute
> > > > > > > > > my 2cents.
> > > > > > > > >
> > > > > > > > > I personally be fine with Mysql, but I think the system should have
> > > > > > > > > some built in database with the *option* to use mysql. This way
> > > > > > > > > deployment would be easy for non mysql people but for people who want
> > > > > > > > > to integrate with an existing user database we could use it that way.
> > > > > > > > > There is an existing Java sql database which I think IBM recently made
> > > > > > > > > open source which I think might be good for this. That way you could
> > > > > > > > > still deploy with one WAR file without requiring a separate Mysql
> > > > > > > > > install.
> > > > > > > > >
> > > > > > > > > Regards
> > > > > > > > > Hank
> > > > > > > > >
> > > > > > > > > _______________________________________________
> > > > > > > > > Red5 mailing list
> > > > > > > > > Red5 at osflash.org
> > > > > > > > > http://osflash.org/mailman/listinfo/red5_osflash.org
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > > _______________________________________________
> > > > > > > > Red5 mailing list
> > > > > > > > Red5 at osflash.org
> > > > > > > > http://osflash.org/mailman/listinfo/red5_osflash.org
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > > > _______________________________________________
> > > > > > > Red5 mailing list
> > > > > > > Red5 at osflash.org
> > > > > > > http://osflash.org/mailman/listinfo/red5_osflash.org
> > > > > >
> > > > > >
> > > > > >
> > > > > > _______________________________________________
> > > > > > Red5 mailing list
> > > > > > Red5 at osflash.org
> > > > > > http://osflash.org/mailman/listinfo/red5_osflash.org
> > > > > >
> > > > > >
> > > > > >
> > > > >
> > > > > _______________________________________________
> > > > > Red5 mailing list
> > > > > Red5 at osflash.org
> > > > > http://osflash.org/mailman/listinfo/red5_osflash.org
> > > >
> > > >
> > > >
> > > > _______________________________________________
> > > > Red5 mailing list
> > > > Red5 at osflash.org
> > > > http://osflash.org/mailman/listinfo/red5_osflash.org
> > > >
> > > >
> > > >
> > >
> > > _______________________________________________
> > > Red5 mailing list
> > > Red5 at osflash.org
> > > http://osflash.org/mailman/listinfo/red5_osflash.org
> >
> >
> >
> > _______________________________________________
> > Red5 mailing list
> > Red5 at osflash.org
> > http://osflash.org/mailman/listinfo/red5_osflash.org
> >
> >
> >
> 
> _______________________________________________
> Red5 mailing list
> Red5 at osflash.org
> http://osflash.org/mailman/listinfo/red5_osflash.org

More information about the Red5 mailing list