Skip to main content
Z
ZzionN
Inspiring
October 1, 2008
Question

RTMPE cannot protect contents

  • October 1, 2008
  • 1 reply
  • 2466 views
I was able to download streaming videos using RTMPE potocol by an application called replay catcher.
Are there any new methods to protect our contents?
    This topic has been closed for replies.

    1 reply

    A
    Anonymous
    October 1, 2008
    Yes, FMS has extensive ways to protect the content. And it has already been discussed in posts a while ago.

    There is also a useful post on the blog of Kevin Towes, Product Manager, FMS.
    http://blogs.adobe.com/ktowes/


    Correcting the reports, replay catcher has never downloaded videos using RTMPE; it is just that it try to use RTMP url to access the same stream and becomes successful if rtmp & rtmpe both are enabled on target FMS (which is actually the default setting on FMS3).

    referring to Kevin's blog and other information around adobe.com; I think that using any of the options below will block replay catcher:

    - using swf verification feature makes sure that only specified custom swf(s) may connect to FMS.

    - disabling RTMP is one way so that ONLY RTMPE connection is accepted at FMS.

    - The strongest of all is server-side action script; one can write own connection authentication method in SSAS methods and RMI client.onConnect() and client.call. this will make make sure any client like replay catcher will just not able to comply with your custom authentication routine as it would be unique.




    Z
    ZzionNAuthor
    Inspiring
    October 1, 2008
    Thanks fmslove.
    After that,I have one more question.
    Even though my server allows RTMP as well RTMPE connection, I have enabled swf verification(and being tested)
    When the player was playing the video, it was using RTMPE.
    How can the replay catcher connect my server using RTMP? Why it won't be detected by the verification?
    J
    jpvdp
    Participating Frequently
    October 31, 2008
    To correct the correction, replay catcher does download rtmpe streams.
    I disabled rtmp and enabled swf verification, still replay catcher downloads the content.

    It looks like they monitor the communication between server and player and replay that for their own connection.
    So the swf verification protection is not safe.
    The only method left in the documents provided by adobe is a rather fishy smelling one,calling a client function with a random number and check that. That is as safe as securetoken used by wowza, people can decompile your swf and figure out the function/shared secret.

    Untill adobe does come with a good solution your content is not protected in any way.
    Kinda makes one wonder why adobe is not saying anything about this.
    They were very strong telling that swf verification and smtp(e) provided protection.

    JP
    Terms & ConditionsAccessibility statement
    Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices