As RTMP continues to grow, and Red5 triumphs as the only open source RTMP server alive, there are concerns to protect your application from misuse. The following red5 application implements stream security for both playback and publishing.
You can edit the files – allowedHTMLdomains.txt and allowedSWFdomains.txt and add the domain names that you want to be able to playback/publish using your application. Each domain name must be added in a new line.
The application also lets you allow/disallow publishing entirely. To do so edit the file red5-web.xml and set enable publish as true/false according to your needs:
<bean class="org.red5.core.security.PublishSecurity" init-method="init" id="publishSecurity">
<property name="application" ref="web.handler" />
<property name="htmlDomains" value="/WEB-INF/allowedHTMLdomains.txt" />
<property name="swfDomains" value="/WEB-INF/allowedSWFdomains.txt" />
<property name="publishNames" value="/WEB-INF/allowedPublishNames.txt" />
<property name="enablePublish" value="true" />
</bean>
You can also set stream publish security by defining specif stream names that are allowed for recording/broadcasting in the file allowedPublishNames.txt
Note : putting a * in any of the three security files will disable security for the particular context. Eg: Putting a * in allowedPublishNames.txt means that stream check is disabled.
This application is created for a quick and easy deployment, with guidance from red5.org.
Download:
Customstreamer_domaincontrol_source_0.8
Customstreamer_domaincontrol_deployable_0.8 [rtmp application name: domaincontrol]
Or generate your own with Red5 – Online Application Generator