Also, I suspect when the system is effective, there will be nothing left to
do for him/her except write swf that spam the server with connection
attempts, which may be your race condition.
Implementing shared object security, you can reject any connection that has
not yet been verified by your system.
Which may require you to re-write the client to wait for verification before
gaining shared objects.
----- Original Message -----
From: "Walter Tak" <walter@...>
To: <red5@...>
Sent: Saturday, July 04, 2009 6:03 AM
Subject: Re: [Red5] Are SOs automatically reconnected?
> How about incrementally numbering your outgoing messages and have the
> receiving end (either server or client) ignore any messages with a number
> that already has been received ?
>
>> Hello list,
>>
>> I'm trying to figure out some unusual activity on my server.
>>
>> If I lose connection to the server while connected to a shared object,
>> then reconnect to the server, is the shared object automatically
>> reconnected, too? This is flash.
>>
>> The background is the following: For a long time I didn't have any
>> security for the actual messages being exchanged in my chat room. Now
>> lately someone has started to inject RTMP packets (I have no clue how)
>> into the data stream between server and chat applet.
>>
>> So I've started to sign the communication packets, so they could not be
>> spoofed. As a result, the person has started to just copy packets, to
>> spam things.
>>
>> Since both the messages and the signature contain the connection ID I've
>> started to match the sent connection ID against the real one in
>> onSharedObjectSend().
>>
>> Now some warnings appear for spoofed messages, which COULD be a race
>> condition on reconnect. If the client reconnects, it receives the
>> new connection ID from the server and should not do anything before that.
>> But if SOs would be automatically reconnected, some of the SO functions
>> could fire with the old ID. This does sound unlikely, but some of the
>> spoofing attempts come from an internal message type, which is triggered
>> a lot through the SO and makes very little sense to mess with. ;)
>>
>> tl;dr: see second paragraph. ;)
>>
>> Thanks,
>>
>> Thomas
>>
>> _______________________________________________
>> Red5 mailing list
>> Red5@...
>> http://osflash.org/mailman/listinfo/red5_osflash.org
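The checks discussed in this thread (a signature that covers the connection ID, plus incrementally numbered messages that the receiver ignores once seen), as an added example that is not part of the original messages and is not Red5 code. The shared key, the `sign` layout, the `ConnectionVerifier` helper and the sample IDs are all assumptions made for illustration; the verdict separates a validly signed message carrying an old connection ID (the possible reconnect race) from a forged one.

```python
import hashlib
import hmac

def sign(key: bytes, conn_id: str, seq: int, body: bytes) -> str:
    """HMAC over connection ID, sequence number and body (length-prefixed ID)."""
    cid = conn_id.encode()
    data = len(cid).to_bytes(2, "big") + cid + seq.to_bytes(8, "big") + body
    return hmac.new(key, data, hashlib.sha256).hexdigest()

class ConnectionVerifier:
    """State the server keeps for one live connection (hypothetical helper)."""

    def __init__(self, key: bytes, conn_id: str):
        self.key = key
        self.conn_id = conn_id   # ID the server assigned to this connection
        self.last_seq = 0        # highest sequence number accepted so far

    def check(self, conn_id: str, seq: int, body: bytes, tag: str) -> str:
        # Signature first, in constant time: nothing else is trusted before it.
        if not hmac.compare_digest(sign(self.key, conn_id, seq, body), tag):
            return "bad-signature"      # forged or altered message
        if conn_id != self.conn_id:
            return "stale-connection"   # validly signed, but for another connection
        if seq <= self.last_seq:
            return "replay"             # copied packet: number already received
        self.last_seq = seq
        return "ok"

def demo() -> list:
    key = b"constructed-demo-key"       # constructed sample value
    server = ConnectionVerifier(key, "conn-42")
    m1 = ("conn-42", 1, b"hello", sign(key, "conn-42", 1, b"hello"))
    m2 = ("conn-42", 2, b"again", sign(key, "conn-42", 2, b"again"))
    old = ("conn-41", 7, b"late", sign(key, "conn-41", 7, b"late"))
    forged = ("conn-42", 3, b"spam", m2[3])  # tag copied from another message
    # m1 is sent twice to show a copied packet being rejected.
    return [server.check(*m) for m in (m1, m2, m1, old, forged)]

if __name__ == "__main__":
    print(demo())
```

Logging "stale-connection" separately from "bad-signature" makes it possible to tell messages fired with an old ID after a reconnect apart from spoofing attempts.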