Secure application scenario

All editions of Adobe Media Server support features that protect your content from being stolen and misused. Some features, such as true streaming, are intrinsic to the server and don’t need to be configured. Other features, such as enhanced RTMP (RTMPE), can be configured or disabled using XML configuration files. Still other features, such as controlling read and write access to specific server folders, can be custom built using client-side ActionScript and Server-Side ActionScript.

For a definitive guide to Adobe Media Server security, see Hardening guide for Adobe Media Server in the Adobe Developer Center.

All server editions offer many ways to protect video streams. This example scenario uses external authentication, encrypted Real-Time Messaging Protocol (RTMPE), and the ability to verify connecting SWF files.

External authentication

Authenticate clients against an external application server (such as a J2EE-based server) and database.

Verify SWF files

Verify SWF files by comparing connecting SWF files with a copy of the SWF file stored on the server. Only verified SWF files can access content on the server.


Encrypted Real-Time Messaging Protocol sends 128-bit encrypted data between the client and the server. A verified SWF running on the client sends a request to Adobe Media Server over RTMPE and Adobe Media Server streams live or recorded content. The stream is encrypted during transmission.

Note: A video publisher might have a very large audience, perhaps millions of users. In that case, authenticating users by application server and database is unrealistic. The publisher could eliminate the external authentication and just verify SWF files before allowing them to connect over RTMPE.