Protect video content (Flash Media Server)
Stream capture software providers are trying many ways to capture and archive video delivered to Adobe Flash. Today, few of these "rippers" support RTMP (Real-Time Messaging Protocol) – the protocol Adobe Flash Media Server (FMS) uses. To help prevent the ripping of video streamed through Flash, Adobe created the RTMPE protocol -- a real-time encryption solution -- and SWF Verification. These new technologies were introduced in Flash Media Server 3.0 and Adobe Flash Player 9.0.115. Today, over 86% of Internet-connected computers have adopted this Flash Player version, and all Content Delivery Networks (CDN) support Flash Media Server 3.
RTMPE and RTMPTE (the tunneled version) can be combined with SWF Verification to help provide additional content protection. This document discusses those methods in more detail.
There are two ways to help prevent this activity:
Flash Media Server can verify SWF files running in Flash Player or AIR files running in Adobe AIR after the client connects to an application. Flash Media Server disconnects any Flash player or AIR application sending invalid bytes. This verification ensures that only your SWF files or AIR files can connect to your application or content on Flash Media Server. SWF verification requires at minimum Flash Media Server 3.0 and Flash Player 9.0.115 or AIR 1.0.
For optimal security, enable the SWF Verification functionality and ensure that the <FinalHashTimeout> tag is configured. The <FinalHashTimeout> tag specifies the maximum time (in seconds) that the server is willing to wait to receive the last SWF Verification byte. Flash Media Server disconnects the client if it does not receive all the SWF Verification bytes within this timeout.
<Application> <SWFVerification enabled="true"> <SWFFolder></SWFFolder> <FinalHashTimeout>20</FinalHashTimeout> </SWFVerification> </Application>
Adobe released a Flash Media Server Developer Center article that contains several alternate solutions for protecting content against replay attacks and other forms of theft.
Use one of the following methods to disable any non-RTMPE connections:
*These solutions are only applicable for Flash Media Interactive Server (FMIS) edition.
Flash Media Server 3.0.3 and 3.5.1 introduced the Application.xml <DisallowedProtocols> tag to allow administrators to restrict application access by connection protocols. This tag accepts a comma delimited list of protocols to reject connection attempts. Any protocols not listed are allowed. Adobe recommends specifying RTMP and RTMPS to allow only client connections over RTMPE:
<DisallowedProtocols>rtmp, rtmps, rtmpt</DisallowedProtocols>
Note: The comma delimited list is not case-sensitive.
To deploy this solution on Flash Media Interactive Server, your application requires custom Server-Side ActionScript (for example, main.asc). It's recommended that only experienced developers deploy and test this solution.
application.onConnect = function(clientObj) { //only allow rtmpe and rtmpte connections if(clientObj.protocol == "rtmpe" || clientObj.protocol == "rtmpte"){ return true; } return false }
Sign in to your account