SWF verification, how cool is that!
Flash Media Server 3 includes functionality to verify that a connecting SWF has not been modified by a third party:
"If desired, you can configure the server to verify client SWF files
before allowing them to connect to an application. Verifying SWF files
prevents someone from creating their own SWF files that attempt to
stream your resources."
This feature works only in FP 9.0.115, so I guess the Player performs some kind of checksum on the running SWF when a certain AMF3 connection is opened (or the server requests for the checksum to be computed). The great thing about this is that this cannot be spoofed (if the user does not modify the Flash Player itself). This means that you can be absolutely sure that the SWF connecting to your server has not been modified in any way, making it very easy create a trusted relationship with the client.
Now, how the hell do we implement this absolutely fantastic feature in non-media server projects? It has to be in the AMF3 protocol somewhere. Anyone? Adobe?
3 Comments
FireBug love
Just wanted to post a quickie to say how much I love FireBug. It has made my day about a million times.
Big thanks to John Barton (and anyone else involved). You’ve made programming JavaScript 1000 times more enjoyable.
Follow me on Twitter!
Other services
With OSS flash players becoming better & better you can’t be “absolutely” sure.
Good words.
Some are saying SWF verification is not that safe either:
http://www.adobe.com/cfusion/webforums/forum/messageview.cfm?forumid=15&catid=578&threadid=1396045