Wowza Community

SecureToken and SWF decompilation


We have implemented the SecureToken parameter, but its very easy for people download the SWF and then get the token from there. Then, they surface our site using RTMPDUMP. We have tried to obfuscate with a 400usd license from SecureSWf with no luck, people still can hack the JWplayer somehow. Is there any other wowza security that we can implement, we have a free site, so no user/password are good for us. I feel wowza is really really unsecure so far.


Are you using rtmps or rtmpe? Take a look at the new Security Overview article:


The Security Overview is a thorough look at the options, except a custom security layer. For example, expiring links as in this Wowza customer’s post:

We don’t have any Wowza examples like that because the point is to make something up. Of course your options are more limited without user authentication.


I’m using RTMPE. I was thinking they might be getting the token using wireshark or other method once the code left the SWF.