一、开发交互式的媒体应用程序
1.使用unique key
a. 在客户端ActionScript中创建一个unique key,如下代码所示,unique key的组成为本地电脑时间和一个随机数连接起来的字符串.
// The key is the local clock reading (milliseconds) followed by a pseudo-random
// fraction, joined into one string.
// Both parts are produced by the client and Math.random() is not a
// cryptographic generator, so the key can tell connections apart but is
// guessable and proves nothing about who the client is.
var clockPart = String(new Date().getTime());
var randomPart = String(Math.random());
var uniqueKey = [clockPart, randomPart].join("");
b. 在连接请求中将这个unique key发送给服务器
// Send the key as an extra connect() argument; the server script receives it
// as the second parameter of application.onConnect.
// NOTE(review): rtmp:// is not an encrypted transport, so the key is readable
// by anyone who can observe the connection -- do not treat it as a secret.
nc.connect("rtmp://www.example.com/someApplication", uniqueKey);
c. 下面main.asc文件中的代码会在连接请求中查找这个unique key。如果key缺失或者已经被使用,服务器会拒绝该连接。注意:这个key由客户端自行生成,只能用来区分连接、防止同一个key被重复使用,并不能证明客户端的身份。
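// Connected clients, indexed by the key each one supplied at connect time.
clientKeyList = new Object();

/**
 * Accepts a connection only when it carries a key that no connected client
 * is already using; every other request is rejected.
 *
 * The key is chosen by the client, so this check prevents two live
 * connections from sharing a key. It does not authenticate the client.
 *
 * @param pClient   the Client object for the incoming connection
 * @param uniqueKey the extra argument the client passed to connect()
 */
application.onConnect = function( pClient, uniqueKey ) {
    // No key at all: reject explicitly. Previously this case fell through
    // without accepting or rejecting, so the request was never refused as the
    // accompanying text says it should be.
    if ( uniqueKey == undefined ) {
        trace( "Connection rejected" );
        this.rejectConnection(pClient);
        return;
    }

    if ( clientKeyList[uniqueKey] == undefined ) {
        // First use of this key: remember which client owns it, then accept.
        pClient.uniqueKey = uniqueKey;
        clientKeyList[uniqueKey] = pClient;
        this.acceptConnection(pClient);
    } else {
        // Key already held by a connected client.
        trace( "Connection rejected" );
        this.rejectConnection(pClient);
    }
};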
application.onDisconnect = function( pClient ) {
    // Drop the departing client's entry so its key is no longer marked as in use.
    var releasedKey = pClient.uniqueKey;
    delete clientKeyList[releasedKey];
};
2.使用Access Plugin
3.使用FlashPlayer版本
你可以根据服务端得到的user agent string,阻止非Flash Player客户端访问你的内容。user agent string标明了客户端平台和Flash Player的版本。需要注意,这个字符串由客户端自行上报,可以被伪造,因此这种检查只能过滤普通的非Flash Player客户端,不能当作可靠的身份验证。例如:
WIN 8,0,0,0
MAC 9,0,45,0
两种方法获得这些字符串:
Virtual keys 参考Multiple bit rate switching and VirtualKeys.
Client.agent 通过服务端ActionScript验证连接
application.onConnect = function( pClient ) {
    // Client.agent has the form "WIN 9,0,45,0": platform, one space, then a
    // comma-separated version. The pieces below are strings, not numbers.
    // This snippet only parses the value; it does not accept or reject.
    // NOTE(review): the agent string is reported by the client and can be
    // forged, and an agent without a space makes platform[1] undefined so the
    // split below throws -- validate the shape before relying on it.
    var platform = pClient.agent.split(" ");
    var versionParts = platform[1].split(",");
    var versionMajor = versionParts[0];
    var versionMinor = versionParts[1];
    var versionBuild = versionParts[2];
};
// output example
// Client.agent: WIN 9,0,45,0
// platform[0]: "WIN"
// versionMajor: 9
// versionMinor: 0
// versionBuild: 45
4.核实连接的SWF文件
你可以配置服务端,在客户端连接到服务端应用之前验证客户端的真实性。核实SWF文件可以防止有人用自己制作的SWF文件来访问你的资源。Flash Player 9 Update 3以上版本支持SWF核实功能。参见Configuration and Administration Guide中的相关章节。
5.允许或者拒绝来自特定域的连接
假如你知道某个域的连接是合法的,就可以把它加入白名单;相反,也可以把那些非法的域加入黑名单。
你可以在Adaptor.xml文件中加入一个包含域名的静态列表.参见Adobe Flash Media Server Configuration and Administration Guide.
你也可以把这些列表保存在服务端代码和文件中。在下面的例子中,名为bannedIPList.txt的文件中保存了要排除的IP地址列表。
// bannedIPList.txt file contents:
// 192.168.0.1
// 128.493.33.0
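/**
 * Loads bannedIPList.txt and stores the array returned by readAll() in
 * application.bannedIPList.
 *
 * If the file cannot be opened, the failure is logged and
 * application.bannedIPList is left as it was (the previously loaded list, or
 * unset if nothing was ever loaded), so a transient read error does not
 * replace a good list with an unusable value.
 */
function getBannedIPList() {
    var bannedIPFile = new File("bannedIPList.txt");

    // open() reports failure through its return value; do not read from a
    // file that was never opened.
    if (!bannedIPFile.open("text", "read")) {
        trace("bannedIPList.txt could not be opened");
        return;
    }

    application.bannedIPList = bannedIPFile.readAll();
    bannedIPFile.close();
    // The original "delete bannedIPFile" was dropped: delete has no effect on
    // a variable declared with var.
}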
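/**
 * Rejects a connection whose address appears in the banned list and accepts
 * every other one.
 *
 * The list is reloaded from the file on every connection attempt, so edits to
 * the file take effect without a restart, at the cost of one file read per
 * connection.
 *
 * @param pClient the Client object for the incoming connection
 */
application.onConnect = function(pClient) {
    getBannedIPList();
    var bannedList = this.bannedIPList;

    // Fail closed: if no list is available the check cannot be made, so the
    // connection is refused instead of reading .length from a missing list.
    if (bannedList == undefined) {
        trace("banned IP list unavailable -- connection rejected");
        this.rejectConnection(pClient);
        return;
    }

    // NOTE(review): entries are compared by exact string equality. Confirm
    // that readAll() returns lines without trailing whitespace or line
    // terminators, otherwise a listed address would never match.
    var isIPOK = true;
    for (var index = 0; index < bannedList.length; index++) {
        if (pClient.ip == bannedList[index]) {
            isIPOK = false;
            trace("ip was rejected");
            break;
        }
    }

    if (isIPOK) {
        this.acceptConnection(pClient);
    } else {
        this.rejectConnection(pClient);
    }
};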
另外,你可以创建服务端代码来检测来自特定域的请求是否太快:
// How long a client gets to answer the verification call. The value is passed
// as the interval argument of setInterval() in onConnect, i.e. milliseconds.
application.VERIFY_TIMEOUT_VALUE = 2000;
// Timeout action for a client that has not been verified: log, stop this
// client's verification timer, then disconnect the client.
Client.prototype.verifyTimeOut = function() {
    trace(">>>> Closing Connection");
    var pendingTimer = this.$verifyTimeOut;
    clearInterval(pendingTimer);
    application.disconnect(this);
};
/**
 * Result handler for the "verifyClient" call made to one client.
 *
 * onResult cancels that client's timeout when the object sent back carries the
 * same key that is stored in pClient.verifyKey. A wrong or missing key leaves
 * the timer running.
 *
 * NOTE(review): the client only has to echo the value it was just sent, so a
 * match shows that the client answers verifyClient in time. It is not proof
 * of identity.
 *
 * @param pClient the Client object being verified
 */
function VerifyClientHandler(pClient) {
    this.onResult = function (pClientRet) {
        var expectedKey = pClient.verifyKey.key;
        if (pClientRet.key != expectedKey) {
            return; // wrong key: keep the timer armed
        }
        trace("Connection Passed");
        clearInterval(pClient.$verifyTimeOut);
    };
}
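/**
 * Accepts the connection, sends the client a random key through the
 * "verifyClient" call, and arms a timer that runs the client's verifyTimeOut
 * method unless the client returns the key first.
 *
 * The connection is accepted before the check completes, so an unverified
 * client stays connected until the timer fires. Math.random() is not a
 * cryptographic generator and the client only echoes the key back, so this is
 * a liveness check, not authentication.
 *
 * @param pClient the Client object for the incoming connection
 */
application.onConnect = function(pClient) {
    this.acceptConnection(pClient);

    // Random key, wrapped in an object so it can be sent as a call argument.
    pClient.verifyKey = { key: Math.random() };

    // Ask the client to send the key back; the handler cancels the timer on a match.
    pClient.call("verifyClient", new VerifyClientHandler(pClient), pClient.verifyKey);

    // Arm the timeout. The method is named as a string: the original passed
    // the bare identifier $verifyTimeOut, which is not declared anywhere, so
    // the timer was never set and unverified clients were never disconnected.
    // NOTE(review): this relies on the (object, methodName, interval, args)
    // form of setInterval -- confirm against the server's ActionScript reference.
    pClient.$verifyTimeOut = setInterval(pClient,
                                         "verifyTimeOut",
                                         this.VERIFY_TIMEOUT_VALUE,
                                         pClient);
};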
application.onDisconnect = function(pClient) {
    // Stop the verification timer for a client that has gone away.
    var pendingTimer = pClient.$verifyTimeOut;
    clearInterval(pendingTimer);
};
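以上这段代码的具体意思有待考证。从代码本身看,它并不统计请求的频率,其意图是做一次带超时的应答检查:服务端先接受连接,再通过verifyClient把一个随机key发给客户端,并启动一个VERIFY_TIMEOUT_VALUE(2000毫秒)的定时器;客户端返回相同的key时定时器被清除,否则由verifyTimeOut断开该连接。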