Home
/
MACROMEDIA
/
FLASH MEDIA SERVER 2-MANAGING FLASH MEDIA...
/
Manual

MACROMEDIA FLASH MEDIA SERVER 2-MANAGING FLASH MEDIA..., Manual

Share

Page: 221 / 238

background image

JavaScript security

221

// available globally as idGen.

global.idGen = protectObject( idgen );

// Make idGen non-enumerable, read-only and permanent
setAttributes( global, "idGen", false, true, true );

When normal script loading begins

idGen

will be available as a global object, that cannot be

compromised by any script loaded directly or indirectly from

main.asc

.

Example

//main.asc
trace( "Loading main.asc" );
trace( "idGen = " + idGen );
idGen = 50;
trace( "idGen = " + idGen );

Here’s the output for main.asc:

Example

Loading secure.asc
Loading main.asc
idGen = [object Redirector]
idGen = [object Redirector]

If you are using Linux, remember that

secure.asc

is case sensitive.

Protecting objects

A new global function in Flash Media Server lets application developers protect user-defined
objects behind C-wrapper objects. The function

protObj = protectObject(userObj);

takes an object and returns the wrapper object. Any user-defined object that has been
protected with this

proObj

function becomes a wrapper object whose methods may be

considered as system calls since they cannot be compromised.

The wrapper object returned by this function fulfills all invocations to the underlying user
object but blocks access to the member data. As a result, one cannot enumerate or modify
members directly. Once an object has been protected with this function, you need to make
sure that it is no longer accessible in global variables or as a member of an accessible object.

The wrapper object keeps a reference to the underlying user object to ensure that it remains
valid during the lifetime of the wrapper. The wrapper itself follows the normal reference rules
and exists as long as an application refers to it.

Protected objects can be used to implement any security model, such as system calls, privilege
rings, and ACLs (Access Control Lists).

«
...
219
220
221
222
223
...
»

Summary of Contents for FLASH MEDIA SERVER 2-MANAGING FLASH MEDIA...

Page 1: ...Managing Flash Media Server...

Page 2: ...e link does not imply that Macromedia endorses or accepts any responsibility for the content on those third party sites Jabber is a registered trademark of the Jabber Software Foundation Sorenson Spar...

Page 3: ...on Linux 15 Using the management console 16 Connecting to the management console 17 Managing applications 19 Creating a new application instance 21 Managing the administrative users 27 Managing the se...

Page 4: ...65 Configuring independent virtual hosts for SSL application 66 About configuration levels 66 About the configuration hierarchy 66 Adding adaptors and virtual hosts 69 Server administration over HTTP...

Page 5: ...Flash Media Server Security 215 Managing server security 215 About authentication and authorization 218 JavaScript security 219 Secure script loading 220 Protecting objects 221 Permissions levels 222...

Page 6: ...6 Contents...

Page 7: ...teract with the server to retrieve information or modify the server configuration This API is described in detail in the Server Management ActionScript Language Reference included with Flash Media Ser...

Page 8: ...on a separate Windows or Macintosh computer to develop your Flash applications You ll also need Macromedia Flash Player for Windows or Macintosh and a web browser to run the sample applications About...

Page 9: ...NIX system replace the backslashes with forward slashes Additional resources The Flash Media Server documentation was written before the code in the product was complete Therefore there may be discrep...

Page 10: ...10 About This Manual...

Page 11: ...isk of conflicting with another application that may be assigned to the same port for example if you configure the server to use port 80 to support HTTP tunneling the server might not run both a web s...

Page 12: ...ministrator defined during installation have access to all virtual hosts Server administrators can add or delete virtual host administrators using the management console Registering client application...

Page 13: ...client application s directory you can give that application different settings from those defined in the virtual host s Application xml file which serve as the default settings for applications on t...

Page 14: ...t are encoded in UTF 8 format must be transferred to the server via a binary file transfer For more information about using server side scripts see Developing Media Applications Starting and stopping...

Page 15: ...ge to the directory where the server is installed 3 Open a shell window and type the following fmsmgr server fms start To stop the server on Linux 1 Log in as a root user 2 Change to the directory whe...

Page 16: ...s data properties in the adjoining window The management console is a Flash application fmsconsole swf that Macromedia created with public APIs application programming interfaces When you install Fla...

Page 17: ...then communicates with the server to perform its administration functions On both Linux and Windows systems you must first explicitly start the Admin service After the Admin service is started authori...

Page 18: ...ptor virtual host administrators must specify the name of the adaptor For example if a virtual host administrator is logging on to a virtual host on the adaptor _secondAdaptor_ the administrator JLee...

Page 19: ...and Bugs Designer Developer Center Customer Service Clicking the question mark icon displays links to Flash Media Server online help and documentation Managing applications The View Applications pane...

Page 20: ...istrative actions on a selected application Review the selected application s log file as it records events Monitor the clients connecting to the application View the streams and shared objects runnin...

Page 21: ...ton This action creates a new application instance within the application list The management console adds a default instance suffix _definst_ which can be edited Press Enter to submit the name and st...

Page 22: ...ion creates an associated log file The Live Application log pane displays the log messages The application administrator can use the Find box on the bottom margin of the pane to search for partial str...

Page 23: ...ion The management console displays the following information for each client Client ID Connection protocol Number of bytes in the connection request and the information returned Connection time Numbe...

Page 24: ...red object Select a shared object to view its data values The information on this pane is helpful when debugging the application When you select a shared value one of the following occurs If the share...

Page 25: ...ebug connection is possible If debugging is not allowed the Play Stream button does not show The Viewing server performance tab pertains to the performance of this particular application The informati...

Page 26: ...lication was started and how long it has been running continuously Number of messages in and out of the application Amount of bytes in and out of the application This pane also graphically displays th...

Page 27: ...rvers and virtual hosts Select a server or virtual host to display its authorized administrators The right side pane lists the administrators for the server or virtual hosts Select the New User button...

Page 28: ...can access and manage This pane allows the administrator to select an individual server or a group of servers for viewing information Servers are grouped into a tree structure The sample shows the pre...

Page 29: ...ple servers simultaneously Ping the selected server to verify that the server is running and view its responsiveness in milliseconds Restart or start the selected server or virtual host Check for and...

Page 30: ...o occupies the left side of the screen in this section of the management console The pane lists the servers and virtual hosts that the administrator can access and manage Viewing server details This p...

Page 31: ...each client accessing the server or virtual host Client ID Connection protocol Number of bytes in the connection request and the information returned Connection time Number of messages in and out of t...

Page 32: ...t are running on the server The name of each application is displayed along with the number of instances of the application that have been loaded on or unloaded from the server the number of users tha...

Page 33: ...console displays the detailed information for your Flash Media Server license Select an individual license to display its details in the lower frame For each serial key the management console displays...

Page 34: ...tial strings in the log messages Clicking the Clear Log button clears the screen Logging client connections and other system events Flash Media Server 2 provides a logging functionality that allows th...

Page 35: ...ate file per vhost When logging is configured on a per vhost basis all logs for a particular vhost are found in a subdirectory within the logs directory The name of the subdirectory matches the vhost...

Page 36: ...s field contains a space or delimiter the data is wrapped in double quotation marks The double quotation marks surrounding the data are not part of the data but are present for better parsing of the d...

Page 37: ...used to bill customers per session To calculate the bandwidth usage per session subtract the sc bytes in the connect event by the sc bytes in the disconnect event x sname application Stream name x fil...

Page 38: ...is is a composite field cs uri stem x sname x file ext x sname query x status application For a complete description of the x status codes and descriptions see the following table Field Status Code De...

Page 39: ...in the matching vhost directory The xx in the filename is a 2 digit number representing the history of the application log The most recent logs can be found in application 00 log The following table l...

Page 40: ...ult to create a diagnostic log for each type of process The xx in the file name is a 2 digit number presenting the version of the log The most recent logs can be found in version 00 log x pid all Serv...

Page 41: ...s the severity category and message ID The first 3 characters represent severity Always in a format of letter The letter can be any of the following w warning e error i information d debug s trace fro...

Page 42: ...ion failed service will be stopped 1003 Error during shutdown process process will be terminated 1004 Reinitializing server 1005 Failed to start the following listeners for adaptor 1 S 2 S 1006 Failed...

Page 43: ...ation 3 S 1028 Exception while processing message 1029 Bad network data terminating connection 1 S 1030 Illegal subscriber 1 S cannot subscribe to 2 S 1031 Failed to start virtual host 1 S 1032 Failed...

Page 44: ...1 S 1059 Invalid user ID 1 S 1060 NetConnection Admin CommandFailed 1061 Invalid parameters to 1 S method 1062 Failed to unload application 1 S 1063 Failed to load application 1 S 1064 1 S applicatio...

Page 45: ...n to Flash Media Server 2 has been disconnected 1089 Failed to play stream ID 1 S 1090 Failed to play 1 S stream ID 2 S 1091 Play stop failed stream ID 1 S 1092 Audio receiving enabled stream ID 1 S 1...

Page 46: ...IP 2 S and port 3 S are already in use 1116 Failed to create adaptor 1 S 1117 Failed to play 1 S stream not found 1118 Insufficient admin privileges to perform 1 S command 1119 Failed to initialize li...

Page 47: ...Connection Call Success 1141 Unable to locate server configuration file during startup 1142 Unable to locate script file 1 S 1143 NetConnection Call AccessDenied 1144 NetConnection Call BadValue 1145...

Page 48: ...reconnect to Flash Media Server 2 1167 Failed to remove application 1 S 1168 Exception while processing message 1 S 1169 Failed to execute admin command 1 S 1170 Unloaded application instance 1 S 117...

Page 49: ...d Virtual host 1 S Max Allowed 2 S Current 3 S 1195 Server to client bandwidth limit exceeded Virtual host 1 S Max Allowed 2 S Current 3 S 1196 Adaptor 1 S does not exist 1197 Virtual host 1 S does no...

Page 50: ...aborted 1218 Failed to play stream 1 S Recorded mode not supported 1219 Missing arguments to 1 S method 1220 Invalid admin stream 1 S 1221 Core 1 S started arguments 2 S 1222 Failed to start core 1 S...

Page 51: ...248 Core 1 S failed to establish proxy to edge 1249 Core 1 S socket migration failed 1250 Edge disconnected from core 1 S 1251 Proxy to core 1 S failed 1252 Registering core 1 S 1253 Socket migration...

Page 52: ...ess Whether access logging is enabled Enable true Enable The logging scope determines whether a log file is written out for each vhost or just one for the entire server It may be either server or vhos...

Page 53: ...mple April in M is 4 and in MM is 04 FileName access YYYYMMDDNN log FileName The time field in a log file can be either in utc or local The setting here can be used to override the server wide configu...

Page 54: ...ype of event 2 x category Event category 3 date Date at which the event occurred 4 time Time at which the event occurred 5 tz Time zone information 6 x ctx Event dependent context information 7 x pid...

Page 55: ...f one or more field names The special keyword indicates that all fields are to be logged When customizing the fields to be logged it is strongly recommended to always at least log the type category da...

Page 56: ...ype daily rotation only occurs every 24 hours and the format is hh mm for example 00 00 will rotate every midnight If type duration rotation occurs when the duration of the log exceeds a certain lengt...

Page 57: ...ows Start menu select Settings Control Panel Administrative Tools Event Viewer 2 Select the Application panel 3 Double click an event generated by Flash Media Server to view the details of the event C...

Page 58: ...For more information see Server xml file on page 86 Starting the Flash Media Admin Service in Windows The Flash Media Admin Service is the service that you connect to when you log on to the server th...

Page 59: ...so removed Warning Use this command only if you want to uninstall the server you still need to manually remove the installed files fmsmgr server service_name abort Stops a running Flash Media Server s...

Page 60: ...oot user using the fmsmgr utility before anyone can use the management console fmsmgr setadmin service_name Changes the default Admin service service_name is the name of the server you selected during...

Page 61: ...romedia Flash that is SWF files Each application defined on the server has a corresponding directory that contains the streams and scripts used by the application Your web server is responsible for se...

Page 62: ...other deployment scenario the server side files ASC files the audio video files Flash Video or FLV files and the source files FLA files should not reside in the web server s published directories Thes...

Page 63: ...uses to connect to Flash Media Server The application must be designed to check for these tickets typically with server side scripts SSL support in Flash Media Server Secure Sockets Layer SSL is a pr...

Page 64: ...the Server xml file configure Flash Media Server to act as an SSL enabled client making outgoing connections secure SSL SSLEngine SSLEngine SSLRandomSeed SSLRandomSeed SSLSessionCacheGC SSLSessionCach...

Page 65: ...contain the following information SSL SSLServerCtx SSLCertificateFile cert pem SSLCertificateFile SSLCertificateKeyFile private pem SSLCertificateKeyFile SSLPassPhrase SSLPassPhrase SSLCipherSuite AL...

Page 66: ...erifyDepth SSLCipherSuite SSLCipherSuite SSLClientCtx SSL About configuration levels The server is capable of hosting more than one adaptor and more than one virtual host on each adaptor Each virtual...

Page 67: ...directory contains the following The Server xml file This file contains settings that relate to the server only The specific settings for the adaptors virtual hosts and applications are stored in sepa...

Page 68: ...ult settings for the client applications that will connect to the server the Vhost xml file which contains the settings for the virtual host and the Users xml file which defines the administrative use...

Page 69: ...east one virtual host directory called _defaultVHost_ Any virtual hosts must be in addition to _defaultVHost_ When you design an application in Flash that will connect to Flash Media Server you add a...

Page 70: ...An Application xml file A Users xml file if you are defining administrators for this virtual host A typical customized server conf directory might look like this A customized conf directory containing...

Page 71: ...ame server management application programming interface API over HTTP as you would over RTMP By passing command strings and arguments to the URL of your Flash Media Server you can interact with the se...

Page 72: ...utf 8 result level status level code NetConnection Call Success code timestamp 11 17 2003 2 52 29 PM timestamp data bytes_in 0 bytes_in bytes_out 3284 bytes_out bw_in 0 bw_in bw_out 0 bw_out msg_in 0...

Page 73: ...e_allocated huge_released 2 huge_released units bytes global_size 430200 global_size thread_size 210900 thread_size size 641100 size reused 1980900 reused allocated 14068504 allocated released 1618633...

Page 74: ...e passed as comma separated values enclosed by square brackets 1 2 3 4 abcd 34 hi 10 20 31 32 40 Objects are passed as JavaScript inline object literals foo 123 bar 456 user Joe ssn 123 45 6789 huge_a...

Page 75: ...arguments for each command Remember that the admin user name and admin password are required for every command Command Required arguments Optional arguments Sample URL addAdmin username password scop...

Page 76: ...cheStats n a n a admin getFileCacheStats getGroupMembers appInst uid userid n a admin getGroupmembers appInst fo o groupid 63741000 getGroups appinst n a admin getGroups appInst foo getGroupStats appI...

Page 77: ...n a n a admin getServerStats getServices n a n a admin getServices getSharedObjects appInst n a admin getUsers appInst foo getSharedObjectStats appInst sharedObject persistent n a admin getInstanceSt...

Page 78: ...estartVHost n a scope admin restartVHost scope _defaultR oot_ foo macromedia com setConfig2 key value scope admin setConfig2 key Admin Server UserList User scott Password value foo scope startServer n...

Page 79: ...ing mappings that you defined The Flash Media Server 2 installer also defines a few of these mappings during the installation process and it stores them in a separate file called fms ini The server lo...

Page 80: ...Host When the server encounters the symbol it checks whether the symbol named VIR_DIR is mapped to anything It then finds that it is mapped to c streams in the substitution xml file The symbolic mappi...

Page 81: ...ore KeyValueFile tags in the substitution xml file Each of these tags can specify the location of one external file For example the following XML specifies the file C testfiles mySymbols txt within th...

Page 82: ...appear in each file Configurable application object properties for server side scripting Flash Media Server 2 supports configuration tags that enhance the server side application object You can now d...

Page 83: ...t variable COMPUTERNAME is equal to jsmith01 and you have defined a symbol named HELLO in the substitution xml file as follows Root Symbols HELLO World HELLO Symbols Root In addition the following XML...

Page 84: ...84 Deploying Flash Media Server...

Page 85: ...contains configuration tags that relate to the server adaptor virtual host application or logging activity they are associated with To customize the functionality of the server you edit these tags The...

Page 86: ...ClusterMonitorInterval BroadcastAddress 255 255 255 255 BroadcastAddress BroadcastPort 67 BroadcastPort MaxWaitTime 100 MaxWaitTime UserData UserData AutoDiscovery SSL SSLRandomSeed 16 SSLRandomSeed S...

Page 87: ...ads 0 MinConnectionThreads MaxConnectionThreads 0 MaxConnectionThreads MaxConnectionQueueSize 1 MaxConnectionQueueSize RTMP Connector Protocol RTMP Edge MinIOThreads 0 MinIOThreads MaxIOThreads 0 MaxI...

Page 88: ...s IPCQueues MessageCache MaxCacheUnits 4096 MaxCacheUnits MaxCacheSize 100 MaxCacheSize MaxUnitSize 16 MaxUnitSize FreeRatio 0 125 FreeRatio GlobalRatio 0 4 GlobalRatio MaxAge 1000000 MaxAge UpdateInt...

Page 89: ...eExitDelay 20 CoreExitDelay Master ResourceLimits Logging Time local Time Access Enable true Enable Scope server Scope Access Diagnostic Enable true Enable Diagnostic Application Enable true Enable Ap...

Page 90: ...matic proxy discovery messages BroadcastAddress Specifies the broadcast address to use for broadcasting FPAD messages BroadcastPort Specifies the broadcast port to use for broadcasting FPAD messages C...

Page 91: ...Specifies the maximum size of the FLV cache FreeMemRatio Sets the maximum percentage of total memory that the total pool size may occupy FreeRatio Specifies the percentage of the message cache to be c...

Page 92: ...pending MaxConnectionThreads Specifies the maximum number of threads used to process connection requests MaxIOThreads Specifies the maximum number of threads that can be created for I O processing Max...

Page 93: ...tag contains tags to configure the RTMP connector RTMP Protocol Container tag contains tags to configure the RTMP protocol Scope Determines whether or not to write a log file for each virtual host or...

Page 94: ...omSeed Specifies the number of bytes of entropy to use for seeding the pseudo random number generator PRNG SSLSessionCacheGC Specifies how often to flush expired sessions from the server side SSL sess...

Page 95: ...rotocol is also used for collecting performance metrics and issuing administrative commands to Flash Media Server cores The Admin Service is separate from the Flash Media Server When administrators co...

Page 96: ...proxy discovery messages that the Flash Media Server responds to Description The Allow tag is a comma delimited list of host names domain names and full or partial IP address as well as the keyword a...

Page 97: ...ia Server services all zones When this tag is set to Zone 2 but it receives a message from a client in Zone 1 the server does not reply to this client Example AllowZones 1 3 5 AllowZones This example...

Page 98: ...t specified by the Windows system variable INADDR_ANY By default Flash Media Server listens on any available interface on port 67 Syntax BindInfo ip port BindInfo See also ProxyInfo in this container...

Page 99: ...efault value is 60 seconds See also TTL Connector Container tag Description The tags nested within the Connector container configure the connector subsystem Flash Media Server provides connectors that...

Page 100: ...of 0 disables the timeout check CoreExitDelay This tag specifies how much wait time an idle core is given to exit on its own before it is removed from the server Description The default wait time is...

Page 101: ...foo com 10 60 1 133 10 60 Deny Deny all Deny See also Allow Order tags ECCP Container tag The tags nested within the ECCP container configure ECCP Edge Server Core Server Communication Protocol Descr...

Page 102: ...d the Enable tags in the Access Application and Diagnostic subdirectories in the Logging container Located in the Logging container Description This tag enables or disables the access logs A value of...

Page 103: ...nd Diagnostic subdirectories in the Logging container Located in the Logging container Description This tag enables or disables the diagnostic logs A value of true enables the logging process false di...

Page 104: ...setting is 0 125 12 5 percent When more free memory is available to a thread than the specified ratio the freed memory will return to the global pool See also FreeMemRatio GID This tag specifies the g...

Page 105: ...g specifies the maximum size in kilobytes of the shared memory heap used for an IPC interprocess communication message queue The default value for this tag varies according to its container HostPort T...

Page 106: ...scription The tags nested within the IPCQueues container configure the IPC queues Flash Media Server uses IPC queues to send messages from one core to another or from one process to another such as ma...

Page 107: ...rver will use the default loopback address as the local loopback Logging Container tag Description The tags nested within the Logging container perform the overall logging configuration You set the co...

Page 108: ...By default the creation mask is set to 017 in octal Therefore all the Flash Media Server object files are created with permission 0666 017 0660 rw rw The owner and the users who belong to the same gr...

Page 109: ...ze limit is reached The default is 4096 units See also MaxCacheSize MaxConnectionQueueSize Located in the HTTP and RTMP Connector containers Description This tag specifies the maximum number of connec...

Page 110: ...means 1 x N threads 2 means 2 x N threads and so on Flash Media Server can receive connections on various protocols The default value for this tag varies according to which container protocol it is ne...

Page 111: ...onse it receives By default the maximum wait time is 100 milliseconds Example MaxWaitTime 100 MaxWaitTime MessageCache Container tag The tags nested within the MessageCache container control how the m...

Page 112: ...tag varies according to which container protocol it is nested within See also MaxIOThreads MsgPoolGC This tag specifies how often Flash Media Server checks for and removes content in the global messag...

Page 113: ...completion routine threads on Windows 32 bit systems for edge server I O processing Order This tag specifies the order for evaluating the Allow and Deny tags Description This tag specifies whether Fla...

Page 114: ...iption The tags nested within the Process container contain the ID tags for all server processes These tags are applicable for Flash Media Server running on Linux systems only Contained tags GID UID P...

Page 115: ...roxy Auto Discovery process is enabled a warning is written to the system log The IP address of this computer and port 1935 is returned to the clients See also HostPort in Adaptor xml file ResourceLim...

Page 116: ...s MaxConnectionQueueSize MaxIOThreads MinIOThreads NumCRThreads See also RTMP Protocol in Protocol container RTMP Protocol Flash Media Server uses two container tags named RTMP one nested within the C...

Page 117: ...response for clients wishing to make a secure connection Syntax SecureProxyInfo hostname IP port SecureProxyInfo SegmentsPool Container tag Description The tags in this section configure how the segm...

Page 118: ...ire this information as a part of incoming connection requests If this tag is not set the host name field is not supplied in the referrer header Services Container tag Description The tags in this sec...

Page 119: ...the default value Located in the ACCP Admin Core ECCP containers and in the RTMP Protocol container within the Protocol container See also SocketTableSize SocketTableSize This tag specifies the size o...

Page 120: ...e of a file that contains one or more CA Certificate Authority digital certificates in PEM privacy enhanced mail encryption format See also SSLCACertificatePath SSLCACertificatePath This tag specifies...

Page 121: ...ption This tag is a colon delimited list of encryption resources such as a key exchange algorithm authentication method encryption method digest type or one of a selected number of aliases for common...

Page 122: ...ven if they are explicitly stated If is used then the ciphers are deleted from the list but some or all of the ciphers can be added again by later options If is used then the ciphers are moved to the...

Page 123: ...h and medium strength encryption with the high being preferred and reject export strength versions SSLCipherSuite ALL SSLv2 SSLCipherSuite Here is the complete list of components that Flash Media Serv...

Page 124: ...See also The SSL container IDEA IDEA encoding NULL No encryption EXP All export ciphers 40 bit encryption LOW Low strength ciphers no export DES MEDIUM 128 bit encryption HIGH Triple DES encoding Dig...

Page 125: ...applications you should experiment to determine the best value for this tag See also SSLCipherSuite SSLRandomSeed SSLSessionCacheGC This tag specifies in minutes how often to check for and remove unus...

Page 126: ...rtificate cannot be found within the specified depth the certification verification will fail The default depth is 9 See also SSLVerifyCertificate ThreadPoolGC This tag specifies in minutes how often...

Page 127: ...erMonitorInterval UID This tag contains the server process user ID Description If no UID or group ID GID is specified the server will run as root This tag is applicable for Flash Media Server running...

Page 128: ...strators or change their administrative permissions The Users xml file contains the following tag structure Root UserList User name SERVER ADMIN_USERNAME Password encrypt false SERVER ADMIN_PASSWORD P...

Page 129: ...ash Media Admin Service Deny HTTPCommands Lists the Flash Media Admin Service commands denied access via HTTP Deny User Lists the specific hosts from which the administrator cannot connect to the Flas...

Page 130: ...llow the Allow tag in the User container and the Allow tag in the HTTPCommands container Description This tag lists the specific hosts from which an administrator can connect to the Flash Media Admin...

Page 131: ...in the HTTPCommands container This tag lists those hosts from which the administrator is not authorized to connect to Flash Media Admin Service You restrict the administrator s access by creating a c...

Page 132: ...e other in the User container Description This tag specifies the order for evaluating the Deny and Allow commands Syntax Order Deny Allow Order The sequence Deny Allow means the HTTP command will be a...

Page 133: ...n the Deny list of commands and not specified in the Allow list See also Allow Users Deny User Password This tag specifies the password for the administrator of this vhost Description Passwords cannot...

Page 134: ...xml contains the tags and information used to configure the Flash Media Server log files You can edit this file to add or change configuration information including the location of the log files The...

Page 135: ...category x event date time x pid c ip cs bytes sc bytes x sname sc stream bytes x file size x file length Fields Delimiter Delimiter QuoteFields disable QuoteFields EscapeFields enable EscapeFields A...

Page 136: ...ers in the log file are escaped Events Specifies the events written to the Access log file Fields Specifies which fields for an event are logged in the Access log file FileName Specifies the name of t...

Page 137: ...lication Container tag Description The tags nested within this container configure the Application log file settings Contained tags Directory Rotation Time Delimiter Formatting tag This tag specifies...

Page 138: ...ctory in the server installation directory Located in Access Application Diagnostic containers DisplayFieldsHeader Formatting tag This tag specifies how many lines to write to the log file before repe...

Page 139: ...n instance stops connect application Client connects to the server connect pending application Client connects to the server waiting for the script to authenticate disconnect application Client discon...

Page 140: ...erver using an unknown protocol 401 Connection rejected by the application script 403 Connection rejected by access module 404 Application not found 409 Resource limit exceeded 413 License limit excee...

Page 141: ...complete list of fields associated with events in the Access log file Not every field is associated with each event in the log file publish 200 Successful 400 Bad request invalid arguments 401 Access...

Page 142: ...alculate the bandwidth usage per session subtract the value of cs bytes in the connect event from the value of cs bytes in the disconnect event sc bytes application This field shows the number of byte...

Page 143: ...ate the bandwidth usage per stream subtract the sc stream bytes in the play event by the sc stream bytes in the stop event cs uri stem application Stem portion of s uri omitting query field cs uri que...

Page 144: ...og access 02 log access 03 log and so on The default number of files to retain is 5 HostPort This tag specifies the IP and port of the log server Syntax IP port Example HostPort xxx xxx xxx xxx 1234 H...

Page 145: ...to use quotation marks to surround those fields in the log file that include a space Description This tag can be set to enable or disable By default it is set to disable See also Delimiter EscapeFiel...

Page 146: ...ion Schedule If the type attribute is duration rotation occurs when the duration of the log exceeds a specified length The duration is specified in minutes Located in Access Application Diagnostic con...

Page 147: ...uded with the server at installation is named _defaultRoot_ and its directory is found in the conf directory To change an adaptor s settings you edit the tags in its Adaptor xml file The Adaptor xml f...

Page 148: ...ort s to bind to HostPortList Contains a list of HostPort tags HTTPIdent Configures the server to respond to or reject an HTTP identification request from a client HTTPTunnel Container tag the tags in...

Page 149: ...rver SetCookie Specified whether the adaptor sets a cookie SSL Container tag contains tags that configure Flash Media Server to act as SSL enabled server for secure communications SSLCACertificateFile...

Page 150: ...Allow tag is a comma delimited list of host names or domain names and or full or partial IP addresses Example Allow foo yourcompany com macromedia com 10 60 1 133 10 60 Allow See also Deny Order Deny...

Page 151: ...80 will result in a failure to connect The client will attempt to perform an SSL handshake that the server will fail to complete Similarly a regular RTMP connection to port 443 will fail because the s...

Page 152: ...onflict the first adaptor to bind to the specified HostPort wins Flash Media Server logs a warning in the Access log file indicating that the specified IP port is in use Although you can assign any po...

Page 153: ...e Example http localhost 1935 fms ident This command sends an HTTP get request GET fms ident HTTP 1 1 Accept Accept Language en us Accept Encoding gzip deflate User Agent Mozilla 4 0 compatible MSIE 6...

Page 154: ...ait before it sends back an ack acknowledgement code for a client idle post Ack is shorthand for acknowledgement code a transmission control character used to indicate that a transmitted message was r...

Page 155: ...ilures This tag specifies the maximum number of failures an edge server may incur before it restarts Description Default number of failures is 2 MaxSize This tag specifies the maximum number of XML fi...

Page 156: ...s sample code as a template for configuring each edge server MimeType This tag specifies the default MIME Multipurpose Internet Mail Extensions type header sent on tunnel responses Description The ser...

Page 157: ...ied unless it is specified in the Allow tag Order Deny Allow Order The alternative sequence Deny Allow indicates that access to a server is allowed unless specified in the Deny tag and not specified i...

Page 158: ...example configures the Redirect tag to forward the request to a specific host depending upon which port the request arrived on Redirect enable false maxbuf 16384 The maxbuf attribute determines how b...

Page 159: ...yourself with a product such as OpenSSL you then use the SSL tags to configure Flash Media Server for SSL The following is a quick start to allowing SSL enabled connections to Flash Media Server Go to...

Page 160: ...stract Syntax Notation 1 The default is PEM See also SSLPassPhrase SSLCipherSuite This tag specifies the suite of encryption ciphers that Flash Media Server uses to secure incoming connections Descrip...

Page 161: ...n control the SSL configuration for this adaptor Contained tags SSLCACertificateFile SSLCACertificateKeyFile SSLCipherSuite SSLPassPhrase SSLSessionTimeout SSLSessionTimeout This tag specifies in minu...

Page 162: ...must have its own directory inside the adaptor directory The name of the directory must be the actual name of the virtual host such as streaming macromedia com Each defined virtual host must be mappe...

Page 163: ...axAge 1000000 MaxAge UpdateInterval 1024 UpdateInterval FreeMemRatio 0 5 FreeMemRatio SmallMemPool LargeMemPool MaxCacheUnits 4096 MaxCacheUnits MaxCacheSize 100 MaxCacheSize MaxUnitSize 16 MaxUnitSiz...

Page 164: ...st Container tag contains the list of Alias tags Allow Specifies the domains that can connect to this virtual host Anonymous Determines whether or not this virtual host runs as an anonymous proxy AppI...

Page 165: ...old for messages that can be returned to the cache MessageCache Container tag tags in this section configure how messages are kept for reuse by Flash Media Server Mode Configures this virtual host to...

Page 166: ...the number of bytes of entropy to use for seeding the pseudo random number generator PRNG SSLSessionCacheGC Specifies how often to flush expired sessions from the server side SSL session cache SSLVer...

Page 167: ...as name alias1 Alias Example Alias name abc abc macromedia com Alias If the name of this virtual host is abc macromedia com but you wish to connect by simply specifying abc then specify the alias abc...

Page 168: ...xy Description Both anonymous and explicit proxies intercept and aggregate the clients requests to connect to the origin server Here are some key differences between anonymous and explicit proxies The...

Page 169: ...g this tag to true creates an implicit proxy to intercept the incoming URIs See also Mode AppInstanceGC This tag specifies how often to check for and remove unused resources for application instances...

Page 170: ...hing behavior Description The contents of the cache are volatile This tag controls whether the cached streams will be written to disk in addition to being cached in the proxy server s memory The proxy...

Page 171: ...ist on a per thread basis Description This tag s setting ranges between 0 and 1 The default setting is 0 125 When more free memory is available to a thread than the specified ratio the freed memory wi...

Page 172: ...proxy to either transparently pass on or intercept requests and responses If the LocalAddress tag is not specified then outgoing connections bind to the value of the INADDR_ANY Windows system variabl...

Page 173: ...he maximum number of free units in the cache Description The default number of free units is 4096 Note the number of free units may be less if the size limit specified by the MaxCacheSize tag is reach...

Page 174: ...he messages in memory for reuse instead of returning them and repeatedly requesting them from the operating system Messages are the essential communication units of Flash Media Server and recycling th...

Page 175: ...operties of an outgoing SSL connection to an upstream server the SSL connection to upstream servers will use the default configuration specified in the SSL section of the Server xml file For more info...

Page 176: ...l is specified however Flash Media Server applies the protocol specified in the RouteTable tag Implicit proxies hide the routing information from the clients The connection syntax for this tag is flex...

Page 177: ...tags to route connections to the desired destination The RouteTable tag can be left empty or it can contain one or more RouteEntry tags The protocol attribute specifies the protocol to use for the out...

Page 178: ...Video files within Flash Media Server to increase performance of FLV streaming and keep frequently used FLV files available in memory Contained tags FreeMemRatio FreeRatio GlobalRatio MaxAge MaxCacheS...

Page 179: ...connection If the SSL tags in a proxy s Vhost xml file are not present Flash Media Server uses the default values specified in the SSL section of Server xml to configure the SSL connection to upstrea...

Page 180: ...ne is added by the server Any application that refers to a stream whose path begins with common will access the item in C FlashMediaServer myApplications shared resources regardless of the application...

Page 181: ...table client virtualKey property Flash Player 8 and Flash Player 9 are assigned Key A earlier versions of the player get Key B When the client plays a stream it will use the appropriate key The replay...

Page 182: ...n the original Streams tag Example VirtualDirectory Streams alphaKey foo c goodStreams Streams Streams betaKey foo c evenBetterStreams Streams VirtualDirectory You create a stream switching scenario b...

Page 183: ...rtualKeys This example shows how the key can be set by the administrator as a client property in the server side script If the client has key A the Key attribute will map to on2 and if it has key B it...

Page 184: ...the values for the ClientToServer and ServerToClient tags nested in these sections to be overridden The Client tag in this XML files includes an override no attribute by default Here are the rules Fla...

Page 185: ...ObjManager StorageDir StorageDir DuplicateDir DuplicateDir ResyncDepth ResyncDepth LockTimeOut LockTimeOut AutoCommit AutoCommit SharedObjManager AllowHTTPTunnel AllowHTTPTunnel Client Bandwidth Serve...

Page 186: ...s the tags in the Application xml configuration file Application xml tag Description Access Container tag contains tag that controls the permission levels in the Access Module the libconnect dll file...

Page 187: ...tions that can be set by the user CombineSamples Container tag contains tags to configure how Flash Media Server uses sound sampling Connections Container tag contains tags to configure settings for H...

Page 188: ...rocesses LoadOnStartup Specifies whether or not to load this application when the server starts LockTimeout Specifies the time out value before unlocking a shared object file LoCPU Specifies the lower...

Page 189: ...ngth a core process is in use RuntimeSize Specifies the maximum size for the script engine Scope Specifies the process scope in which the application runs ScriptLibPath Contains a list of paths the Ja...

Page 190: ...This tag specifies whether or not to allow the following and Location header that is sent with redirection of an HTTP header Description The default is true allowing HTTP redirects Tunnel Specifies wh...

Page 191: ...server or use the HTTP protocol to transmit RTMP packets called HTTP tunneling if there is a firewall that allows only HTTP content to be sent out to public servers The values for this tag are describ...

Page 192: ...nested in this section to be overridden too Contained tags ClientToServer Bandwidth ServerToClient Bandwidth See also BandwidthCap BandwidthCap Container tag Description The tags in this section spec...

Page 193: ...ache file defined in the CacheDir tag The type attribute provides additional specification for the cache prefix The type attribute can be set to path or sname The default is path Examples CachePrefix...

Page 194: ...fix creates a relative path in the proxy s CacheDir All parameters are separated by or CachePrefix type path c fms flvs foo flv data IP CacheDir resolves to data xxx xxx xxx xxx c fms flvs foo flv Cac...

Page 195: ...e maximum bandwidth the client can use for sending data upstream to the server The default bandwidth is 250000 bytes per second See also ServerToClient Bandwidth in this container ServerToClient Bandw...

Page 196: ...tags named DuplicateDir in the Application xml file Located in SharedObjManager container This tag specifies the physical location where duplicate copies of shared objects are stored Description This...

Page 197: ...ppName attribute to true See also StorageDir StreamManager Duration This tag instructs Flash Media Server how long to wait before it notifies the client when the audio has stopped in the middle of a l...

Page 198: ...he Access Module is set to false which allows access permissions to be set at the single file level When the value of this tag is set to true you cannot configure individual files for read or write ac...

Page 199: ...se disallowing the use of the HTTP 1 0 protocol HTTPTunnel Container tag Description The tags nested within this container configure the parameters for HTTP tunneling sending RTMP packets through HTTP...

Page 200: ...d back to the client or if some other client is being blocked by the current idle request This interval implies that the client may not be able to reach the server for the selected duration The interv...

Page 201: ...is being published to a live stream Description Silence messages are used to support older versions of Flash Player Flash Media Server will only send the silence message to clients which are specified...

Page 202: ...he KeyFrameInterval tag is set to 5000 which is an increase of 13 KB or 17 The same video has a size of 109 KB with the KeyFrameInterval tag set to 1000 which is an increase of 33 KB or 43 See also En...

Page 203: ...to wait for an indefinite time LoCPU This tag instructs Flash Media Server to stop combining samples when the CPU utilization is lower than the specified percentage of the CPU resource Description De...

Page 204: ...er does not launch a core process until some minimum recovery time has elapsed Having a time lag for recovery avoids a Denial of Service action which can happen when a faulty core consumes all CPU res...

Page 205: ...valuated as a runaway script and its execution is terminated Setting a maximum time to execute a script prevents infinite looping in scripts The default value is 0 and no checks are performed to detec...

Page 206: ...ed tag Duration Password This tag specifies the password for connecting to the proxy See also Username Port This tag specifies the proxy port to connect to if it is not specified as part of the host i...

Page 207: ...time lag for recovery can avoid a Denial of Service action which happens when a faulty core consumes all CPU time by repeatedly launching itself The recovery time for a core process is specified in se...

Page 208: ...lt is to reuse connections Set this to false to use a new connection after every transfer RollOver This tag specifies how long a core process can be in use before Flash Media Server creates a new core...

Page 209: ...ver runs this application Description Set this tag to app to run an application and all its instances as a single process or to inst to run each instance in a separate process The default setting is a...

Page 210: ...ta downstream to the client Description The default bandwidth is 250000 bytes per second See also ClientToServer Bandwidth ServerToClient BandwidthCap in the BandwidthCap container ServerToClient Band...

Page 211: ...ation is not set Set this tag only if the files for shared objects must be stored in a location other than the application directory By default this tag is not set as it remaps the location where file...

Page 212: ...al DuplicateDir StreamsManager EnhancedSeek KeyFrameInterval StorageDir StreamManager tags Subscribers This tag instructs Flash Media Server to combine sound samples only if there are more than the de...

Page 213: ...ll configure the player and platform for silence messages Contained tag Bits See also Interval Username This tag specifies the username for connecting to the proxy See also Password Verbose This tag d...

Page 214: ...214 Configuration Files Syntax VirtualDirectory virtual dir actual dir VirtualDirectory WriteBuffSize This tag specifies in kilobytes the size of the write buffer Description The default size is 16KB...

Page 215: ...Flash Media Server Support Center at www macromedia com go flashmediaserver_support_en Managing server security Flash Media Server uses a high speed TCP IP protocol called Real Time Messaging Protocol...

Page 216: ...from domains that are not permitted with these tags If you are running the server on a Linux system remember to allow connections from the domains where administrators will use the console to manage a...

Page 217: ...ou specify the locations for storing streams and shared objects You can store them in locations outside the applications directory in the Macromedia Flash Media Server directory if you wish The Bandwi...

Page 218: ...ess 3 Vhost xml file Allow and Deny tags These tags indicate whether a user is allowed to connect to the specified virtual host from the current IP address The server authenticates administrators by c...

Page 219: ...ion tasks JavaScript security This release of Flash Media Server adds support for custom third party pods Pods are essentially a combination of user interface elements that along with client and serve...

Page 220: ...ion is started it first looks for and loads the file secure asc During this period of time it makes the APIs protectObject and getGlobals available These may be used to manipulate global functions cla...

Page 221: ...protectObject userObj takes an object and returns the wrapper object Any user defined object that has been protected with this proObj function becomes a wrapper object whose methods may be considered...

Page 222: ...oring them as a protected object which will make it available only through a wrapper This technique for creating protected objects allows application developers to hide built in global functions or im...

Page 223: ...ivileged funcs Remove any access to system object this sysobj null delete this sysobj Pass on the result to the user callback this userResponder onResult res this _nc call func sysResponder arg1 arg2...

Page 224: ...le to control settings of the client connection or to access relevant server statistics such as the number of connections The Access DLL module is initialized upon Flash Media Server startup Flash Med...

Page 225: ...s for the server s resources When the connection request from a client is first attempted the Access module intercepts the request before sending it to the server The Access DLL module calls upon its...

Page 226: ...er to the Access module getDescription Returns a description of the Access module getStats Returns a selected server statistic such as number connected API name Description getType Returns the type of...

Page 227: ...pt s client writeAccess The second parameter is a Boolean value with its default as true This Boolean value if true will lock user scripts from changing this value If false user scripts will be allowe...

Page 228: ...lue c user agent fprintf stderr SampleAdaptor Connect client ip s n safestr pAccess getValue c ip char strValue char malloc STRING_VALUE_BUFFER_LEN memset void strValue 0 STRING_VALUE_BUFFER_LEN m_pCt...

Page 229: ...eavesdropping by unauthorized third parties Because secure connections require extra processing power and might affect the server s performance use RTMPS only for applications that require a higher l...

Page 230: ...t be overridden in Adaptor xml Using other secure development practices You might not want to use SSL in all your applications because of the additional processing time required to encrypt data over a...

Page 231: ...dition to the precautions taken during the application development process you should deploy your media applications in a firewall protected environment Firewalls provide port based protection for you...

Page 232: ...also configure a firewall to control the ports users inside and outside your network can connect to Log file precautions A log file is a file that contains information about events that have occurred...

Page 233: ...157 Redirect 158 ResourceLimits 158 SetCookie 158 SSL 159 SSLCACertificateFile 159 SSLCACertificateKeyFile 160 SSLCipherSuite 160 SSLPassPhrase 160 SSLServerCtx 161 SSLSessionTimeout 161 UpdateInterv...

Page 234: ...Password 206 Port 206 Process 206 Proxy 207 RecoveryTime 207 Redirect 207 ResyncDepth 208 Reuse 208 RollOver 208 RuntimeSize 208 Scope 209 ScriptLibPath 209 SendSilence 210 ServerToClient Bandwidth 21...

Page 235: ...arting the server 15 log files 22 23 34 51 232 Logger xml file 134 146 description of tags 137 146 file structure 135 summary of tags 136 Logger xml tags Access 137 Application 137 Delimiter 137 Diagn...

Page 236: ...ipt 219 log files 232 passwords 224 permission levels 222 ports 63 privacy 231 protecting configuration files 217 protecting objects 221 restricting connections 216 230 script loading 220 server side...

Page 237: ...uckets 119 SocketTableSize 119 SSL 119 SSLCACertificateFile 120 SSLCACertificatePath 120 SSLCipherSuite 121 124 SSLClientCtx 124 SSLRandomSeed 125 SSLSessionCacheGC 125 SSLVerifyCertificate 125 SSLVer...

Page 238: ...ous 168 AppInstanceGC 169 AppsDIr 169 CacheDir 170 DNSSuffix 170 FreeMemRatio 171 FreeRatio 171 GlobalRatio 171 LargeMemPool 172 LocalAddress 172 MaxAge 172 MaxAppInstances 172 MaxCacheSize 173 MaxCac...

Reviews:

No comments

Related manuals for FLASH MEDIA SERVER 2-MANAGING FLASH MEDIA...

Brand: Canon Pages: 153

Brand: Canon Pages: 132

Brand: Canon Pages: 135

Brand: Canon Pages: 198

Brand: Canon Pages: 98

Brand: NEC Pages: 4

Brand: Garmin Pages: 6

DREAMWEAVER 8-EXTENDING DREAMWEAVER

Brand: MACROMEDIA Pages: 504

DRAGON NATURALLYSPEAKING PROFESSIONAL 5

Brand: Dragon Systems Pages: 222

TROPOS SUPERSEARCH 2.4.0.000

Brand: SSI Pages: 8

App for Android

Brand: TomTom Pages: 58

Brand: Sharp Pages: 16

AR-P17 Software setupg guide

Brand: Sharp Pages: 22

Brand: Sharp Pages: 39

Brand: Sharp Pages: 43

Brand: Sharp Pages: 48

MXUSX5 - Desk - PC

Brand: Sharp Pages: 91

e-Copy ShareScan OP 3.0

Brand: Sharp Pages: 144

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands