[Red5devs] Simple security system

Carl Sziebert carlsz at gmail.com
Wed Sep 5 16:27:32 PDT 2007 

What about expanding the idea a bit futher to allow for roles?  Adding
roles would allow you to easily group a set of permissions and reduces
redundant definitions. You could then specify in the Red5
configuration files which users are administrators or power users and
allow permissions for each role accordingly.

One last question:  FMS restricts all sensitive APIs to their admin
app and serves it on port 1111 by default. They also require
authentication by one of the administrative users defined in the
configuration files of the server.  Using this, server admins can
block external  network traffic to port 1111 and only open 1935 to the
world.  Why not consider a similar model?

Carl

On 9/5/07, Joachim Bauch <jojo at struktur.de> wrote:
> Hey guys,
>
> I was just thinking about adding a simple security system for methods
> exposed by Red5. It probably isn't full featured for all use cases but
> should cover most of the simple ones.
>
> Right now, all methods declared as "public" can be called by clients.
>
> The change I propose adds an annotation "@DeclareProtected" that can
> be put on methods to define a permission a client needs to call it.
>
> Example:
>
> @DeclareProtected(permission="IsAdministrator")
> public void doAdministrativeStuff() {
>     // Do something...
> }
>
> Every IClient object gets two new methods:
> public Collection<String> getPermissions(IConnection conn);
> public void setPermissions(IConnection conn, Collection<String> perms);
>
> So all Red5 would need to do is check for annotated methods if the
> calling client has the required permission and if not reject the call
> with an error message.
>
> Should be an easy way to protect methods without requiring the devs
> to learn lots of new stuff.
>
> Let me know what you think.
>
> Joachim
>
> _______________________________________________
> Red5devs mailing list
> Red5devs at osflash.org
> http://osflash.org/mailman/listinfo/red5devs_osflash.org
>


-- 
Be who you are and say what you feel, because those who mind don't
matter and those who matter don't mind.
  - Dr. Seuss

More information about the Red5devs mailing list