A–C
D–H
I–Z
Developer services
Project centers
Community resources
- Flex cookbook (share code)
- Adobe AIR cookbook (share code)
- CSS Advisor (browser bug fixes)
- Exchanges (share components)
- Adobe Labs
- Adobe Open Source
- Forums
- RSS feeds
- Bug base
- User groups
- Adobe Community Experts (ACE)
- Developer events
Integration
Product documentation
Downloads
Samples
Training and books
- Online training
- Classroom training
- Certification
- Adobe Developer Library
- Adobe Press
- Safari Books Online
Newsletters
Blogs
Archives
ADC program
Additional resources
Tom Green
Table of Contents
Beginner's guide to security features in Flash Media Server 3.5
This article is the fourth in a loose series of beginner's tutorials. This tutorial shows you how to put the new security features of Flash Media Server 3.5 to good use. First I show you how to encrypt your videos so that users cannot intercept them off the web while they're being streamed. I then explain how to enable SWF verification so that users can't decompile and reuse your SWF files.
Here are all the articles in the series:
- Part 1: Installing Flash Media Server 3.5
- Part 2: Streaming video with Flash Media Server 3.5
- Part 3: Using ActionScript 3.0 with Flash Media Server 3.5
- Part 4: Security features in Flash Media Server 3.5
- Part 5: Streaming audio through Flash Media Server 3.5
- Part 6: Streaming live video with Flash Media Server 3.5
- Part 7: Dynamic streaming with Flash Media Server 3.5
They don't call it the "wild, wild web" for nothing. It is not uncommon, for example, for you to post a video to your site and to have it appear somewhere else in what seems like mere minutes. In fact, if there is a valid reason for hobbling the use of video on the web, it's that it is unsecure.
Let me be really clear about the purpose of this article. The approach I want to take here is not to wrap my video inside a security cordon that approximates the protection level of a head of state. Instead, I want to make it freely available—just not easily stolen.
Let me explain by way of analogy. Recently I needed to buy a mouse for my laptop. What struck me about this simple purchase was the mouse's packaging: it was encased in that hard plastic shell that requires a chain saw to open. The purpose of the packaging is to prevent theft. It takes an awfully long time to open, and the odds are really good that, if you were to attempt to open the package and swipe the mouse, there would be a security guard looking over your shoulder asking you what the heck you were doing.
Delivering your video with progressive download—that is, downloading the FLV into Adobe Flash Player using an HTTP connection—is the equivalent (in my store analogy) of simply dangling the computer mouse from its USB cord on the shelf. It is totally unsecure and relatively easy to swipe. The reason is that the FLV file is downloaded to the browser cache. It takes no effort whatsoever to move that FLV file from the cache to the desktop.
If you are a hobbyist and post videos of your children for the grandparents or shoot stuff through your cell phone, security is not a huge concern. Progressive download probably makes the most sense for you. If, on the other hand, you have paid for the content itself or paid some serious money to have it professionally produced, you probably have a reasonable need to protect that investment. This is where Flash Media Server comes in.
You see, when a video is streamed through FMS, nothing hits the browser cache. Flash Player does all the heavy lifting to translate the bits flowing into the player into the video you see in the FLVPlayback component (or custom player) on the web page. Streaming through FMS adds a major upgrade in the security cordon around the video. It's as if the retailer has chained the computer mouse to the display or moved it into a locked display case.
Note: Read the section "Delivery options for Flash video" in the Flash Video Learning Guide to find out more about the options available to you when delivering video on the web. Also check out the short video, "Delivering video on the web," in the Video Technology Center to hear more about the differences between progressive download and streaming delivery of FLV files.
Flash Media Server 3.5 has two built-in features that allow you to put that mouse back on the shelf, and not get swiped: encryption and SWF verification. This article shows you how to apply each of these security features to a streaming video.
Requirements
To follow along with this article, you'll need the following software and files:
Flash Media Development Server 3.5
Flash CS4 Professional
Sample files:
- beginner_security_fms3.zip (ZIP, 18.2 MB)
This work is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License
About the author
Tom Green is a professor of interactive multimedia at the Humber Institute of Technology and Advanced Learning in Toronto, Ontario. He is the author of several best-selling books in the area of Flash and Flash technologies. His latest book is Foundation Flash CS4 for Designers, coauthored with David Stiller, and he updated Foundation Flash CS3 Video with Adam Thomas. Tom has completed DVD videos for Lynda.com and Adobe Systems, and is a partner at Community MX and a regular contributor to Digital-Web.com and Layersmagazine.com. He is also an active member of the Adobe Community Experts Group, speaking at conferences and seminars around the world and contributing regularly to the Adobe Developer Connection in the areas of Flash authoring and video technologies.
