Re:TLS/SSL enabled smartfoxserver

Need help with SmartFoxServer? You didn't find an answer in our documentation? Please, post your questions here!

Moderators: Lapo, Bax

Is TLS security important to you?

Poll ended at 01 Apr 2009, 14:08

Very Important
0
No votes
Important
0
No votes
Can live without it
2
100%
Not important.
0
No votes
 
Total votes: 2
dservgun123
Posts: 5
Joined: 09 Dec 2008, 16:14

Re:TLS/SSL enabled smartfoxserver

Postby dservgun123 » 22 Mar 2009, 14:08

Is it possible to run smart foxserver on a TLS enabled client and server? Is there a document that outlines the steps a hosting service and a developer need to take.
Thanks.
User avatar
Lapo
Site Admin
Posts: 23007
Joined: 21 Mar 2005, 09:50
Location: Italy

Postby Lapo » 23 Mar 2009, 07:23

Using encryption is possible since the introduction of Actionscript 3
Flash Players before version 9 don't support it, because there's no support for binary sockets.

At the moment SFS doesn't support this feature. We will introduce it in the next major release.
It is however possible to use SSL by sending data to the embedded HTTP server, which supports secure connections

Another problem I see is that SSL encryption is pretty slow and would kill the performance of both client and server so I wouldn't recommend running an entire session with that feature enabled.

It would be better to only use it for critical messages. Also take into account that SmartFoxServer uses persistent connections, while HTTP based applications continuosly open and close connections to the server.
This means that a SmartFoxServer session is already way more secure than an HTTP based one. In order to "capture" its data you should be able to install and run a packet sniffer on the client machine... not impossible, but it's not something anyone can do.

Finally, SFS already provides a secure mechanism for login, to avoid password sniffing.
Lapo
--
gotoAndPlay()
...addicted to flash games
bmidgley
Posts: 21
Joined: 26 Feb 2010, 04:41

Postby bmidgley » 05 Apr 2010, 20:47

Lapo wrote:It is however possible to use SSL by sending data to the embedded HTTP server, which supports secure connections


Lapo, is there any documentation for making jetty use ssl? We wrote a servlet to process paypal payments and it needs to use ssl.
User avatar
Lapo
Site Admin
Posts: 23007
Joined: 21 Mar 2005, 09:50
Location: Italy

Postby Lapo » 06 Apr 2010, 06:59

Hi,
no we don't provide that because Jetty already comes with detailed documentation from its website --> http://www.mortbay.org/
I also have to say that we incorporate a light-weight version of Jetty to avoid adding too many dependencies. The current Jetty embedded with SFS does not support SSL out-of-the-box. You could either re-integrate those libraries or choose to run Jetty standalone on another machine.
Lapo

--

gotoAndPlay()

...addicted to flash games
Zanpher
Posts: 96
Joined: 05 Oct 2009, 23:15

Postby Zanpher » 20 May 2010, 20:55

Hmm, I cant vote.. that is weird.

Thanks for the news that SFSx2 will support SSL :) This is extremely important to me as my customers value their privacy :)

Slowness doesn't matter here, only security :) Now to get Redbox supporting it, and I'm GTG.

Return to “SmartFoxServer 1.x Discussions and Help”

Who is online

Users browsing this forum: No registered users and 38 guests