The open streaming media industry, developers and webhosts together have condemned Adobe’s move to sue Wowza media server. Adobe states that this is a case of “patent infringement and unfair competition“, but what this actually looks like is a slap on the face to the open streaming community. Adobe is perhaps trying to mention that nothing beyond Flash Media Server is acceptable to be used with flash, which now seems to be a more closed product day after day.
(more…)
- May 10, 2011
- RTMP
- Flash Media Server, RTMP, Streaming
Wowza suing not appreciated “Dont discourage choice” – speaks community
- September 20, 2010
- Commercial, Red5, RTMP
- Actionscript 3.0, Flash Media Server, Red5, RTMP, Streaming, Video
Web Media Live Encoder – The Flex Based Online Broadcasting Application
Flashvisions.com is launching a new site pretty soon – rtmpworld.com, dedicated to Realtime products, based on RTMP and RTMFP Protocols. Our first major release is the Web Media Live Encoder. (more…)
year
Ready to use – Red5 streamer with stream security
As RTMP continues to grow, and Red5 triumphs as the only open source RTMP server alive, there are concerns to protect your application from misuse. The following red5 application implements stream security for both playback and publishing.
You can edit the files – allowedHTMLdomains.txt and allowedSWFdomains.txt and add the domain names that you want to be able to playback/publish using your application. Each domain name must be added in a new line.
The application also lets you allow/disallow publishing entirely. To do so edit the file red5-web.xml and set enable publish as true/false according to your needs:
<property name="application" ref="web.handler" />
<property name="htmlDomains" value="/WEB-INF/allowedHTMLdomains.txt" />
<property name="swfDomains" value="/WEB-INF/allowedSWFdomains.txt" />
<property name="publishNames" value="/WEB-INF/allowedPublishNames.txt" />
<property name="enablePublish" value="true" />
</bean>
You can also set stream publish security by defining specif stream names that are allowed for recording/broadcasting in the file allowedPublishNames.txt
Note : putting a * in any of the three security files will disable security for the particular context. Eg: Putting a * in allowedPublishNames.txt means that stream check is disabled.
This application is created for a quick and easy deployment, with guidance from red5.org.
Download:
Customstreamer_domaincontrol_source_0.8
Customstreamer_domaincontrol_deployable_0.8 [rtmp application name: domaincontrol]
Or generate your own with Red5 – Online Application Generator
Hacking Private Channels Of Ustream
Recently working on a custom player implementaion on ustream.com using their api, i found a huge loophole that i would like to share. Ustream lets you create public/private channels and then broadcast on them using fmle or swf based publisher. Private channels can be password protected, so only people with right password can view it. But here is the catch !! The password based security system is pretty invalid in itself.
While programming on the platform i noticed that the player uses amf protocol to send receive data to server. So here is how you can hack any one’s private channel (password protected).
1. Go to https://addons.mozilla.org/en-US/firefox/addon/1843/ and install firebug extension for firefox.
2. Go to the page which hosts the private channel and open the firebug debug panel. Make sure you have enabled the Net panel.
3. Next without much effort if you see you will notice that, while going through the requests made by the site to ustream, the amf call with the password tagged to it is very clearly visible.
So there you have it both channel id and password for the stream !. Not so protected is it now ? 🙂
Has this method been fixed by ustream? I am not having any luck. I am trying to watch: http://www.ustream.tv/recorded/9438662 If…