var gs:GroupSpecifier = new GroupSpecifier("com.example.mygroup/authenticated-chat");
gs.postingEnabled = true;
gs.serverChannelEnabled = true;
gs.setPostingPassword("password", netConnection.nearID); // password should be a real, unguessable password
var groupspecForOthers:String = gs.groupspecWithoutAuthorizations();
var groupspecForPoster:String = gs.groupspecWithAuthorizations();
the easiest way to not divulge the password at all is to precompute these groupspecs and store them/retrieve them from a web server at run time. or bake the groupspecs themselves into the swf (after generating them elsewhere). perhaps have one swf for others and one swf for the poster, and get them via HTTPS (perhaps requiring web authentication to get the one for the poster).
an alternate way to generate groupspecForPoster is:
var groupspecForPoster:String = groupspecForOthers + GroupSpecifier.encodePostingAuthorization("password");
then you could have one swf with groupspecForOthers baked in. you could pop up a password dialog to get the password from the user (so the user would have to know it already). you could then generate the groupspecForPoster as shown above.
Thank you, Mike, for your timely reply. Forgive me the delay, because now is our most important festival, I just back from a party.
Now I understand, but I still wonder,
1. if a group is in running, and a authorized user has joined. Now he misdoes, I want to withdraw the authentication, how can I? revise the password and recreate the group?
2. How can I setup a group, just authorized users can join? I know I can use secret group name, but if authorized user divulge the group name, others without autentication can join the group too. ( because the swf easy to reverse, hacker can sniff the opaque groupspec string, revise the swf, impersonate authorized user, etc).
3. How can I banishment a misdoer from my group?
Thanks again for your time.
1. if you want to use group authorizations for that kind of access control, then yes, your only recourse is to revise the password, recreate the group, and have everyone in the old group join the new one.
2. at the current time, anyone who knows the secret group name can join. from an information leakage/participation point of view, there's no difference between an authorized user giving out the secret group name vs. an authorized user divulging the information they learn in the group, or of the authorized user injecting information into the group on behalf of the unauthorized one. hackers can decompile the swf to find a baked in groupspec string, but you can store the groupspec string on an HTTPS web server and require authenticated access to that server to retrieve it.
3. you can't force an existing member of a group to leave.
I read all your replies.It really make to know more in about groupsprec.I also doing a video chat application using stratus(FP 10).what i want to know is that all who connected to stratus are grouped using NetGroup.I am using flex 3 with SDK 3.2,FP 10.Can i make use of Netgroup in my application?
Can u send any video tutorial or sample code available for the netgroup wth authentication and without authentication?
the new RTMFP Groups features, including NetGroup and group NetStreams, require Flash Player 10.1 or above. Flash Player 10.1 is currently in beta prerelease.
i posted some samples from my MAX 2009 lab session back in november, illustrating using NetGroup for text chat using posting, group NetStreams for streaming video with P2P multicast, and Stratus server channel for automatic group bootstrap. please see this thread:
Hi, Mike, thanks for your reply.
I think if there is a super user with the rights of banishing a member from group, withdrawing the publishing authorization, interrupting others speech, and dissolving the group, the solution is perfect, otherwise if the group in disorder, nobody can rescue.
I found a method in NetGroup named addMemberHint, I guess it is for add a member to group, why there is not a removeMemberHint like method?
Hope I am not using your too much time.
NetGroup.addNeighbor() and .addMemberHint() are for assisting (or bootstrapping) the self-organizing topology system. they don't have anything to do with access control, and the peers you give to those methods must already be joined to the group.
RTMFP groups are decentralized, cooperative, self-organizing systems. if you need a central point of control, you can use a central server, like FMS.