Is it possible to run smart foxserver on a TLS enabled client and server? Is there a document that outlines the steps a hosting service and a developer need to take.
Thanks.
Re:TLS/SSL enabled smartfoxserver
-
- Posts: 5
- Joined: 09 Dec 2008, 16:14
Using encryption is possible since the introduction of Actionscript 3
Flash Players before version 9 don't support it, because there's no support for binary sockets.
At the moment SFS doesn't support this feature. We will introduce it in the next major release.
It is however possible to use SSL by sending data to the embedded HTTP server, which supports secure connections
Another problem I see is that SSL encryption is pretty slow and would kill the performance of both client and server so I wouldn't recommend running an entire session with that feature enabled.
It would be better to only use it for critical messages. Also take into account that SmartFoxServer uses persistent connections, while HTTP based applications continuosly open and close connections to the server.
This means that a SmartFoxServer session is already way more secure than an HTTP based one. In order to "capture" its data you should be able to install and run a packet sniffer on the client machine... not impossible, but it's not something anyone can do.
Finally, SFS already provides a secure mechanism for login, to avoid password sniffing.
Flash Players before version 9 don't support it, because there's no support for binary sockets.
At the moment SFS doesn't support this feature. We will introduce it in the next major release.
It is however possible to use SSL by sending data to the embedded HTTP server, which supports secure connections
Another problem I see is that SSL encryption is pretty slow and would kill the performance of both client and server so I wouldn't recommend running an entire session with that feature enabled.
It would be better to only use it for critical messages. Also take into account that SmartFoxServer uses persistent connections, while HTTP based applications continuosly open and close connections to the server.
This means that a SmartFoxServer session is already way more secure than an HTTP based one. In order to "capture" its data you should be able to install and run a packet sniffer on the client machine... not impossible, but it's not something anyone can do.
Finally, SFS already provides a secure mechanism for login, to avoid password sniffing.
Hi,
no we don't provide that because Jetty already comes with detailed documentation from its website --> http://www.mortbay.org/
I also have to say that we incorporate a light-weight version of Jetty to avoid adding too many dependencies. The current Jetty embedded with SFS does not support SSL out-of-the-box. You could either re-integrate those libraries or choose to run Jetty standalone on another machine.
no we don't provide that because Jetty already comes with detailed documentation from its website --> http://www.mortbay.org/
I also have to say that we incorporate a light-weight version of Jetty to avoid adding too many dependencies. The current Jetty embedded with SFS does not support SSL out-of-the-box. You could either re-integrate those libraries or choose to run Jetty standalone on another machine.
Return to “SmartFoxServer 1.x Discussions and Help”
Who is online
Users browsing this forum: No registered users and 38 guests