Flash Media Server 3 includes functionality to verify that a connecting SWF has not been modified by a third party:
"If desired, you can configure the server to verify client SWF files before allowing them to connect to an application. Verifying SWF files prevents someone from creating their own SWF files that attempt to stream your resources."
This feature works only in FP 9.0.115, so I guess the Player performs some kind of checksum on the running SWF when a certain AMF3 connection is opened (or the server requests for the checksum to be computed). The great thing about this is that this cannot be spoofed (if the user does not modify the Flash Player itself). This means that you can be absolutely sure that the SWF connecting to your server has not been modified in any way, making it very easy create a trusted relationship with the client.
Now, how the hell do we implement this absolutely fantastic feature in non-media server projects? It has to be in the AMF3 protocol somewhere. Anyone? Adobe?
