RTMP & Flash Media Streaming Server Live application

Forum|Forum|16 years ago
February 4, 2010
2 replies
11488 views

I'm running Flash Media Streaming Server and have only been serving VOD up until now. I had my network administrator open up port 1935 to the outside world during the setup process and now I can't remember if that was actually required for streaming VOD to clients. Most documentation I've read says that this port should be open, but I seem to recall reading something at one point that suggested it wasn't necessary.

I've just started messing around with publishing live streams using Flash Media Live Encoder to the Flash Media Streaming Server. I have that working without issue but was surprised to find that no authentication is required before a client running the live encoder can publish a stream to the Flash Media Streaming Server. An authentication module is available however it only works with Flash Media Interactive Server and Flash Media Development Server.

If I leave port 1935 open to the outside world, there would be nothing to stop anybody anywhere from streaming video via my server. Anyone else running a default install of Flash Media Streaming Server and with port 1935 open to the outside should see that this is true of their setup as well. I'm wondering if I can safely close port 1935 without limiting the functionality of the server or if there's some way I can require authentication prior to publishing a live stream even though I'm not on the four-and-a-half-times-more-expensive edition of the product.

This topic has been closed for replies.

R

rubens_queiroz

Participating Frequently

I have the Flash Media Interactive Server, and I have also installed the authentication module. However, port 1935 is still open to the world, and this is a grat concern of mine. Is there a way around this problem?

Best regards,

Rubens

A

Anonymous

It's my understanding that if you close port 1935, FMS will fall back to tunneling RTMP over HTTP instead, so blocking port 1935 won't ultimately block the traffic. Having the port open isn't much of a security risk in and of itself anyhow; the only reason I can think of to close it is to prevent externals from being able to stream to / from your server, which you've already done with the auth module which in turn gives you more flexibility (streaming to / from the server via straight RTMP from outside of your network if you authenticate.)

It's good practice to keep open only those ports which you absolutely need to deliver your services, but you can't deliver services without opening a few ports. I could compare this to an attempt at making an omelette without breaking any eggs, but I'm too tired to figure out how to phrase the analogy.

teh_chicken

R

rubens_queiroz

Participating Frequently

That's exactly my concern. As it is, anybody, anywhere, anytime, can send whatever they want to my streaming server. I am migrating from the Real Networks solution, where I could determine who were allowed to broadcast through my server. The auth module is what I want, to create a username and password to those who can use the system. I don't see the point of this module as in practice anybody can stream to the server. For us this is a real issue.

Thank you very much for your attention,

Rubens

Asa_-_FMS

Adobe Employee

This lack of authentication options on FMSS live is a known issue that we're working on here. There's not really a great option for this now, minus restricting who can connect to the application in question with IP configuration. It doesn't work well for this purpose in authentication and it's a known problem that doesn't have a good answer now other than deferring clients toward FMIS that doesn't have this issue until we can resolve it.

Asa

A

Anonymous

Is there a way to restrict, by IP address, who can publish a stream to the live application without limiting which IP addresses can view said stream?

Asa_-_FMS

Adobe Employee

Not on FMSS - hence the acknowledgement of the problem, it's not really a tenable solution.

Sign up

To post, reply, or follow discussions, please sign in with your Adobe ID.

Sign in to Adobe Community

To post, reply, or follow discussions, please sign in with your Adobe ID.

Scanning file for viruses.

This file cannot be downloaded