Red5 安全教程
我正在寻找有关保护 Red5 免受入侵的分步教程。这似乎是一个在谷歌搜索中经常出现的问题,但从未以对普通 Flash 开发人员有意义的方式得到真正的回答。
I am looking for a step by step tutorial on securing Red5 from intrusion. This seems to be a question that comes up alot in a google search, but is never really answered in a way that makes sense to your average flash developer.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
您可以使用安全框架保护 red5 的发布、播放或共享对象的安全。在这种情况下,客户端并不重要,但如果您想保护 oflaDemo,则需要在后端添加安全挂钩。这是您需要的教程:
http://wiki.red5.org/wiki/Documentation/UsersReferenceManual/ Red5CoreTechnologies/04-安全
更深入的安全教程在这里:
http://wiki.red5.org/wiki/Documentation/Tutorials/Red5AndAcegiSecurity
一个简单的阻止播放的例子如下:
<代码>
The security class should be added when your application starts, so I suggest that you put it in your application adapters "appStart" method like so:
@Override public boolean appStart(final IScope app) { //register our stream security classes registerStreamPlaybackSecurity(new PlaybackSecurity(applicationContext)); //pass control back to super return super.appStart(app); }CRAM authentication with Red5 tutorial and source: http://blog.infrared5.com/2012/05/red5-authentication/
You can secure red5 for Publishing, Playback, or SharedObjects using the security framework. The client does not matter in this case, but if you want to secure oflaDemo for instance you will need to add the security hooks on the backend. Here is the tutorial that you need:
http://wiki.red5.org/wiki/Documentation/UsersReferenceManual/Red5CoreTechnologies/04-Security
A more in-depth security tutorial is here:
http://wiki.red5.org/wiki/Documentation/Tutorials/Red5AndAcegiSecurity
A simple example to block playback is as follows:
public class PlaybackSecurity implements IStreamPlaybackSecurity { @Override public boolean isPlaybackAllowed(IScope scope, String name, int start, int length, boolean flushPlaylist) { //start out denied boolean allowed = false; //get the current connection IConnection conn = Red5.getConnectionLocal(); //token to use for auth Long token = -1L; if (conn.hasAttribute("token")) { //get a 'token' we stored on their connection from elsewhere token = conn.getLongAttribute("token"); //validate the token in some way if (token > 0L) { allowed = true; } } //return allowed or denied state return allowed; } }The security class should be added when your application starts, so I suggest that you put it in your application adapters "appStart" method like so:
@Override public boolean appStart(final IScope app) { //register our stream security classes registerStreamPlaybackSecurity(new PlaybackSecurity(applicationContext)); //pass control back to super return super.appStart(app); }CRAM authentication with Red5 tutorial and source: http://blog.infrared5.com/2012/05/red5-authentication/
您无法从客户端保护后端,OflaDemo 是一个演示应用程序,而不是生产应用程序。默认情况下,Red5 不允许全局连接,因此如果您只运行自己的应用程序,则可以实现您希望的任何类型的安全性。
不,实际上不需要(也没有用)尝试仅在防火墙级别管理安全性。 API 允许限制用户访问 red5 的各种用途。
You cannot secure the backend from the client side, OflaDemo is a demo app, not a production one. By default, Red5 disallows global connections, so if you only run your own application, you can implement whatever kind of security you wish.
No, it is actually not needed (and not useful) to try to manage security only on firewall level. The API permits restricting user access to the various kinds of usage of red5.