Someone help you, I point wrong, I did not solve the problem, has been plagued for several days. I set the password, but that these passwords are written on the client, it is not being seen, ah
Hello, master. My question is, I gave tourists groupSpecWithoutAuthorizations (), but he can easily access after login to groupSpecWithAuthorizations () value, then you can as a tourist, but there are POST and publish permissions, and ask how to deal with this
the groupspecWithAuthorizations includes the passwords. therefore, the groupspecWithAuthorizations must be treated as a secret password. it must only be given to clients that are allowed to publish/post in your group.
one way to do this is to generate the groupspec strings in a central place (either on an authorized client, or on FMS), and only give out the pre-computed groupspec strings to other clients. since all of the information (including passwords) is needed to generate the groupspec using the GroupSpecifier class, you don't want to generate the groupspecs using GroupSpecifier on each client, since that would involve transmitting the passwords to every client, whether each was authorized for publish/post or not.
Thank you very much Michael.I generate the groupspecWithAuthorizations in FMS.like this
var spec=new GroupSpecifier("my-group");
spec.postingEnabled = true;
spec.serverChannelEnabled = true;
var specResponder:Responder=new Responder(setGroup);
However, hackers can still get to groupspecWithAuthorizations, then he can be destroyed