Adobe Flash Media Server

Verify SWF files

If desired, you can configure the server to verify client SWF files before allowing them to connect to an application. Verifying SWF files prevents someone from creating their own SWF files that attempt to stream your resources.

Note: SWF files connecting to Flash Media Administration Server cannot be verified.

In the Application.xml file, specify one or more folders on the server to hold a copy of an application's client SWF file (this is the verifying SWF file). When the client SWF file connects to the server, the server verifies it. If the SWF file is verified, it is allowed to connect to the application. You can also configure the length of time the verification data is held in the server's cache and how often the server checks for updated verifying SWF files.

Note: If you're deploying an Adobe AIR application, copy the SWF file you compiled into the AIR package to the server.

Configure SWF verification

  1. Locate the following section of the Application.xml file:
    <Application>
    ...
    <SWFVerification enabled="false">
        <SWFFolder></SWFFolder>
        <MinGoodVersion></MinGoodVersion>
        <UserAgentExceptions>
            <Exception to="" from=""/>
        </UserAgentExceptions>
        <Cache>
            <TTL></TTL>
            <UpdateInterval></UpdateInterval>
        </Cache>
    </SWFVerification>
</Application>
  2. Edit the following elements.

    Element

    Attribute

    Description

    SWFVerification

    enabled

    Set the enabled attribute to "true" or "false" to turn this feature on or off. The default value is "false".

    SWFFolder

    None.

    A single folder or a semicolon-delimited list of folders that contain copies of client SWF files for an application. These SWF files are used to verify connecting SWF files. The default value is the application's folder appended with /SWFs. For example, for an application called myApplication, if there isn't a value set for this element, verifying SWF files should be placed in the applications/myApplication/SWFs folder.

    MinGoodVersion

    None.

    Specifies the minimum version of this feature to accept. The default value is 0, which allows this and all future versions.

    UserAgentExceptions

    None.

    Container.

    Exception

    from

    to

    A user agent to except from verification. Use the from and to attributes to indicate the lowest and highest versions to except. This a string comparison, with editing to make all numeric fields equal in length. For more information, see the comments in the Application.xml file.

    Cache

    None.

    Container.

    TTL

    None.

    The time to live for the SWF file, in minutes. The default value is 1440 minutes (24 hours). If a SWF file is removed from the server, the verification values stay in the cache for 24 hours; users can connect to the application until the cache expires.

    UpdateInterval

    None.

    The maximum time in minutes to wait for the server to scan the SWFs folders for updates when there is a miss in the cache. The default value is 5 minutes, which means a SWF file copied to the SWFs folder is picked up by the server within 5 minutes.

Create verification exceptions

 Add Exception elements to the UserAgentExceptions section of the Application.xml file.

Certain applications--for example, Adobe Flash Media Encoder--don't support the form of SWF verification used by the server. You can add one or more exceptions to the SWF verification rules that allow specified user agents, such as Flash Media Encoder, to bypass SWF verification, as in the following:

<SWFVerification enabled="true">
    ...
    <UserAgentExceptions>
        <Exception to="FME/1.0" from="FME/1.0"/>
    </UserAgentExceptions>
</SWFVerification>

Verify administrative clients

 In the Root/Server/SWFVerification/SWFFolder tag in the Server.xml file, you can specify folders that hold SWF files to verify SWF files trying to connect to any application or instance on the server. You can also specify the cache values for these SWF files.

These directories are intended for administrative purposes; SWF files placed in these directories can be verified to view any application instance on the server. For example, if you created a recorded file viewer application that lets you view files from any application on the server, you could place a verifying SWF file in directory specified in the SWFFolder tag.

Create folders for the verifying SWF files

  1. If the SWFFolder value is the default, create a folder called SWFs in the application's folder on the server; for example, applications/myMediaApp/SWFs.

    SWF files in the SWFs folder verify connections to any instance of the myMediaApp application.

  2. To verify SWF files for application instances, create instance folders in the SWFs directory, for example, applications/myMediaApp/SWFs/chat01, applications/myMediaApp/SWFs/chat02, and so on.

SWF files in the SWFs directory can verify all instances of the application; SWF files within an instance folder can verify only that instance.

Note: Multiple SWF files may exist in either directory. A SWF file can be renamed and still used for verification as long as it's a copy of the client SWF file.

 

Send me an e-mail when comments are added to this page | Comment Report