As of late, I’ve been working on project that involves streaming flash video with Flash Media Server. I’ve been a bit frustrated by the process, and wanted to post some tips I’ve picked up along the way. Follow the jump if you care …
First off, if you just need to stream FLV files off a FMS, take a look at the Livedoc entry for this topic. If you follow those steps directly, you should be able to stream video. Just launch Flash8, go file->import->video, enter your rtmp:// address and you’re set.
If you screw something up with the main.asc file, or forget to include it, you’ll need to restart the server after fixing the problem. What you’ll quickly learn as you work on further main.asc development is that server restarts become habitual. This is a bit more trouble if you’re working on a server that hosts live applications, but I suppose you shouldn’t be doing development work on such a server.
If you want to go a step further and start implementing securing on the server – that is, real security, not just security through complexity – you have two options. Which are actually only one option. Dig?
You see, when you read the documentation about FMS, you’ll find out about something called the “Access DLL,” which is represented by a file called libconnect.dll/libconnect.so. This is supposed to be a wonderous API through which you can write C code to control access to your content.
The problem is, it doesn’t exist. At least, not in any way that I’ve discovered. You see, there’s supposed to be an SDK and sample code to aid one in developing such a module. The documentation makes repeated mentions of this sample code. But nobody seems to have ever seen said sample code. Adobe phone support was helpful enough to suggest that I purchase a $10,000 support control in order to ask whether such an SDK actually exists. Fantastic. A bit out of my budget though.
However, main.asc, the file that you need in place in order to stream you content, gives you a pretty good level of access control. They’re even nice enough to document it:
//Add security here
You can do a few things to enhance your security. You can check the client.referer property to make sure that the SWF that’s connecting to you actually came from a valid host. If you want to get really sneaky though, add a query string to the SWF file when you load it. For example:
Anything you pass in on the query string to the swf will be visible to the Flash server inside your main.asc actionscript. That means that you can pass information from the http server to the Flash server dynamically.
If you don’t use the FLVPlayback builtin in Flash8, you have a lot more options about client->server interaction. You don’t need to do the hacky query string solution, but instead can actually pass objects back and forth. However, FLVPlayback is supremely nice, so it’s a shame not to use it.
Anyways, my hatred of Flash is slow waning, as I grow more comfortable with the tools. I’m far from liking it, but I’m closer to tolerating it.