Macromedia flash media server 2-managing flash media server ユーザーズマニュアル
218
Flash Media Server Security
About authentication and authorization
To authenticate (validate) administrators, Flash Media Server employs several layers of host-
based user security. (Host-based security refers to security measures that are implemented in the
server software itself.) When a user tries to connect to the management console with an
administrator user name and password, the server uses the layers of settings in its
configuration files to determine whether the connection should be allowed. Only
administrators who have been explicitly defined can connect to the server to use the console.
based user security. (Host-based security refers to security measures that are implemented in the
server software itself.) When a user tries to connect to the management console with an
administrator user name and password, the server uses the layers of settings in its
configuration files to determine whether the connection should be allowed. Only
administrators who have been explicitly defined can connect to the server to use the console.
The server authenticates administrators by evaluating the contents of the XML tags in the
configuration files in the following order:
configuration files in the following order:
1.
Users.xml file:
Allow
and
Deny
tags. These tags indicate whether a user is allowed to
connect to the console from the current IP address. Administrators can connect only from
IP addresses you have specified with these tags.
IP addresses you have specified with these tags.
2.
Adaptor.xml file:
Allow
and
Deny
tags. These tags indicate whether a user is allowed to
connect to the specified adaptor from the current IP address.
3.
Vhost.xml file:
Allow
and
Deny
tags. These tags indicate whether a user is allowed to
connect to the specified virtual host from the current IP address.
The server authenticates administrators by comparing their user names and passwords to
those defined in the Users.xml file. When you choose these names and passwords, make sure
they are not simple ones that can be easily guessed.
those defined in the Users.xml file. When you choose these names and passwords, make sure
they are not simple ones that can be easily guessed.
To have the server perform authentication of connecting users other than administrators, use
the
the
Allow
and
Deny
tags in the Adaptor.xml and Vhost.xml files. With these tags you can
prevent users from connecting from all domains other than those you specify. The server
checks incoming connections against the Adaptor.xml file and then the Vhost.xml file when
processing non-administrator connection requests.
checks incoming connections against the Adaptor.xml file and then the Vhost.xml file when
processing non-administrator connection requests.
To provide administrator authorization (assigning permissions), the server uses the Users.xml
file. When you define a user as a server or virtual host administrator in this file, the server
associates certain permissions with that user. Virtual host administrators can manage only a
virtual host—for example, they can reload or disconnect applications on that virtual host.
Server administrators can exercise control over all virtual hosts and perform server-level tasks,
such as restarting or shutting down the server.
file. When you define a user as a server or virtual host administrator in this file, the server
associates certain permissions with that user. Virtual host administrators can manage only a
virtual host—for example, they can reload or disconnect applications on that virtual host.
Server administrators can exercise control over all virtual hosts and perform server-level tasks,
such as restarting or shutting down the server.