I'm using WowzaMediaServer on amazon ec2 with secureToken enabled and I'm using the default videochat application and I've build a custom flash client to fit my needs.
I only found a security the problem in this setting: it is possible to overwrite the broadcasting streams.
For example if I broadcast the stream 'testing' to WowzaMediaServer with my client, then I open a second client on a different computer to also broadcast 'testing' to the WowzaMedia server, than the receiving client shows the webcam of the second computer and NOT of the first computer.
So the second computer overwrites the stream and this stream is displayed. Since it's quite easy to spot the stream names using a packetsniffer suchs as wireshark, you could build another simple client that overwrites all the streams.
How can I setup a protection for this at the server side to prevent overwriting of streams?