Securing Parameters

The "Basic integration" chapter covered the mechanism that delivers data from the end client to the authentication handler. All parameters in the provided samples travelled through the system in plain text, thereby exposing user account information.

Before moving to production, consider building a secured authentication system based on parameter encryption. There are many different approaches to building such a system, and the one you choose will depend on your website structure and personal preferences.

The diagram below demonstrates one of the possible implementations:

Explanation:

1. In our example we use the encrypted SESSION_ID as the value of "UID" in the presence code (JS and Presence pixel setup -> step #2). You may use any data and any encryption mechanism (MD5, SHA1, etc.).

2. The encrypted UID is passed from the media server to the handler via RTMP.

3. The handler queries the database to find a match in the sessions table, using the encrypted UID as the criterion.

4. The match found is returned to the handler.

5. The handler uses the incoming data to generate an XML-formatted response. If no match is found, the handler sends an authorization failed error.

6. The full profile is sent to the Flash client via RTMP.
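The handler side of steps 1 and 3 to 5, as an added example that is not part of the original documentation or the product's own code. It derives the UID with HMAC-SHA-256 under a server-side key in place of the bare MD5/SHA1 mentioned in step 1, so a UID cannot be recomputed from a session ID alone. The key, the sessions table columns and the XML element names are all assumptions made for illustration.

```python
import hashlib
import hmac
import sqlite3
import xml.etree.ElementTree as ET

# Assumption: a secret known only to the web site and the handler (constructed value).
SERVER_KEY = b"constructed-demo-key"


def make_uid(session_id: str) -> str:
    """Step 1: derive the opaque UID that is placed in the presence code."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def build_sessions_db() -> sqlite3.Connection:
    """Constructed sessions table; the column names are hypothetical."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE sessions (uid TEXT PRIMARY KEY, username TEXT, role TEXT)")
    db.execute("INSERT INTO sessions VALUES (?, ?, ?)",
               (make_uid("sess-1001"), "alice", "member"))
    return db


def handle_auth(db: sqlite3.Connection, uid: str) -> str:
    """Steps 3-5: look the UID up and build the XML response (hypothetical schema)."""
    root = ET.Element("auth")
    row = None
    # Reject anything that is not a 64-character lowercase hex digest before
    # touching the database; the lookup itself uses a bound parameter.
    if len(uid) == 64 and all(c in "0123456789abcdef" for c in uid):
        row = db.execute("SELECT username, role FROM sessions WHERE uid = ?",
                         (uid,)).fetchone()
    if row is None:
        # Same response for malformed and unknown UIDs.
        root.set("result", "failed")
        ET.SubElement(root, "error").text = "authorization failed"
    else:
        root.set("result", "ok")
        ET.SubElement(root, "username").text = row[0]
        ET.SubElement(root, "role").text = row[1]
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    db = build_sessions_db()
    print(handle_auth(db, make_uid("sess-1001")))
    print(handle_auth(db, make_uid("sess-9999")))
```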