Flash Communication Server Article

This article covers the following topics:
What is Macromedia Flash MX and the Flash Communication Server?

The Flash Communication Server is a platform enabling real-time, multi-way communications applications (including text, audio and/or video) developed with Macromedia Flash MX. Macromedia Flash MX is a powerful authoring environment, including video, multimedia, and application development features, which allow designers and developers to create rich user interfaces and enterprise application front ends.
Macromedia Flash communications applications

A Flash communications application is a Flash application that communicates through the Flash Communication Server. Usually these applications enable person-to-person communication (either one-to-one, one-to-many, or many-to-many). Flash may also be used for machine-human communication, such as real-time data transmission and notification.

Flash communications applications may consist of:

· A web page that the user views to start the application. The web page typically contains the Flash movie (SWF file) created with Macromedia Flash MX. Alternately, it could be a place to download a stand-alone executable.
· A client Flash application (SWF) that executes on the end user's machine in the Flash Player, either in a web browser or as a standalone application. This contains the presentation layer or user interface for the application.
· Server code and data: server-side ActionScript that executes on the Flash Communication Server can contain application logic. With ActionScript executing on both the client and server, the application logic can be distributed to clients or centralized as needed.
· Application servers: both the Flash client and the Flash Communication Server can connect to application servers to execute CFML, Java, and .NET code.
Network protocol

Macromedia Flash MX uses the Real-time Messaging Protocol (RTMP) for client-server communication. RTMP is a TCP/IP protocol designed for high-performance transmission of audio, video, and data messages. RTMP sends data unencrypted, including authentication information such as a name and a password.

While RTMP itself is not secure, Flash communications applications can perform secure transactions and secure authentication through an SSL-enabled web server. (For more details, see the section on end user access below.)
End user access

The Macromedia Flash Communication Server MX supports several ways of controlling whether an end user may connect to an application instance:

1. Unauthenticated access requires no name or password login. Intranet applications may be easily accessed by anyone in the organization for internal corporate communications, ad hoc video conferencing, etc. Anyone who has access to the website or Flash movie and the communications server also has access to the application. Customer service and support applications may allow any end user of a website to communicate with company representatives immediately, without requiring the end user to register or supply identity information.

2. Basic authentication is typically used with a small user base where secure authentication is not required. Identity information, such as name and password, is transmitted over unencrypted RTMP. The server verifies the name and password and allows the client to continue as appropriate. This is a good option for intranet applications delivered on a website that require end user authentication.

3. Ticket-based authentication is the most scalable and quite secure method. With ticket-based authentication, a user is first verified by an authentication server, which provides the Flash client with a "ticket". This ticket is passed to the Flash Communication Server, which is configured to verify it. Tickets can expire after a short time.

4. IP address access may be allowed or denied. The server may be configured to prevent or allow access from a specific IP address or range of IP addresses.
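The ticket flow in item 3, as an added example in Python that is not Macromedia's code and not server-side ActionScript: the authentication server issues an HMAC-signed ticket carrying the user name and a short expiry after checking the password over SSL, and the communications server verifies the signature and the expiry before admitting the client, so the password itself never travels over unencrypted RTMP. The ticket format, the shared secret and the 60-second lifetime are assumptions; the page does not say how tickets are encoded.

```python
import hashlib
import hmac
import time
from typing import Optional

# Constructed placeholder: the secret shared between the authentication
# server (reached over SSL) and the Flash Communication Server.
SHARED_SECRET = b"example-shared-secret-replace-me"
TICKET_TTL_SECONDS = 60  # assumed lifetime; tickets stay valid only briefly


def issue_ticket(username: str, secret: bytes = SHARED_SECRET,
                 now: Optional[int] = None, ttl: int = TICKET_TTL_SECONDS) -> str:
    """Authentication server side: called only after the user's name and
    password have been checked over SSL. Returns 'username|expires|mac'.
    The password is not part of the ticket, so it never crosses RTMP."""
    if now is None:
        now = int(time.time())
    expires = now + ttl
    payload = f"{username}|{expires}".encode()
    mac = hmac.new(secret, payload, hashlib.sha256).hexdigest()
    return f"{username}|{expires}|{mac}"


def verify_ticket(ticket: str, secret: bytes = SHARED_SECRET,
                  now: Optional[int] = None) -> Optional[str]:
    """Flash Communication Server side: returns the username if the ticket is
    authentic and not yet expired, otherwise None (reject the connection)."""
    if now is None:
        now = int(time.time())
    try:
        # rsplit so a '|' inside the username cannot shift the fields
        username, expires_str, mac = ticket.rsplit("|", 2)
        expires = int(expires_str)
    except ValueError:
        return None  # malformed ticket
    expected = hmac.new(secret, f"{username}|{expires_str}".encode(),
                        hashlib.sha256).hexdigest()
    # constant-time comparison so response timing does not leak the MAC
    if not hmac.compare_digest(mac, expected):
        return None  # forged or tampered ticket
    if now >= expires:
        return None  # expired ticket
    return username


if __name__ == "__main__":
    t = issue_ticket("alice", now=1000)
    print(verify_ticket(t, now=1030))  # alice
    print(verify_ticket(t, now=1060))  # None (expired)
```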
Controlling users

The Flash Communication Server provides functions for server-side scripts that can disconnect users. Applications can be developed for moderators or administrators to perform custom maintenance and monitoring.
End user privacy

End user data can be stored in shared objects, a mechanism for persistent storage on either the client or server computer. Applications only have access to the shared objects associated with that application, preventing another Flash program from reading that data. The shared object storage, however, is not secure. The data is stored in an unencrypted, binary format. It should not be used for sensitive data, such as financial information.
Access to a host machine's resources

Applications cannot access the resources or files of other applications. This is enforced by saving resources for one application in a unique directory that cannot be accessed by other applications.

Server administrators may also set limits on the bandwidth consumed by an application. This prevents one application from consuming all the network bandwidth on a machine. Disk space may also be limited by the server configuration.
Adapters, virtual hosts, and applications

The Macromedia Flash Communication Server will work with multiple network adapters on the server machine. This allows the server to be built for maximum network throughput. In addition, "virtual hosts" may be configured on each adapter. Virtual hosts can be used to isolate different server users, allowing each server user to add applications freely while keeping their programs separate from others. Virtual hosts are assigned to specific adapters.

Finally, individual applications can run as a default instance or as individual instances. For example, different instances of the same video chat application allow the program to be used by different groups that do not want to communicate with each other. All instances of an application always run under the same virtual host.
Server configuration

Proper server configuration is the key to securing your applications. Some of the items that the administrator can control are:

· Administrator users and passwords.
· IP address ranges or domain names required or denied for administrator users.
· Connection port for administrators, thus allowing access only to users behind a firewall.
· Performance parameters such as thread limits, garbage collection intervals, and stream allocation size.
· IP addresses and ports to listen on for normal incoming connections.
· Domain names or IP address ranges permitted or denied for applications.
· Logging of server access and application events.
· Performance characteristics of the server-side script engine.
· Bandwidth capacity for an application.
· Default bandwidth for a client connecting to an application.
· Directory roots used for stream, data, and application storage.
· Limits on application instances, streams, and shared objects.
Conclusion

The Flash Communication Server and client applications are easy to secure by following proper development and configuration guidelines. Applications can be safely deployed to servers by following the recommended practices for secure development.
About the author

Dave Simmons joined Macromedia in 1993 and is currently an engineer on the Flash Communication Server MX team. Prior to joining that group, he developed the Shockwave Multiuser Server for Director. He spent several years as Project Manager for SoundEdit 16 and also worked on Japanese, Chinese and Korean language versions of Macromedia products. In a prior life, he worked in Tokyo and Singapore for 8 years before settling in Northern California.