Archive for August, 2010

Follow us on Twitter (http://twitter.com/avchathq)

Monday, August 16th, 2010

Follow us on Twitter and get the latest discounts, coupon codes, promotional events, product releases and more! Stay tuned for special offers and even surprise give-aways! If you’re not following us on Twitter – you should be!

New Social Engine 4 plugin available for AVChat 3

Thursday, August 12th, 2010

Since the new Social Engine version 4 is available and stable, we prepared the integration kit for it.


New Features:

  • AVChat 3 settings available directly in the administration area
  • The RTMP connection string can now be entered in the administration area (no avc_settings.php edit needed)
  • Admins and users with admin/moderator access to the chat are automatically served the AVChat admin interface, from where they can kick and ban people, instead of the user interface.
  • You can set up the chat to open in a pop-up window.

Features present in the SE3 plugin too:

  • Username/gender integration: users will have the same username and gender in the web site and in the video chat.
  • Different features for different user levels: you can control the video chat features independently for each user level.
  • Kick and ban people: admins have access to the admin area of AVChat 3, from where they can kick and ban people.
  • Profile picture integration: the profile pictures are automatically used inside the video chat.
  • Access profiles directly from the video chat: you can access the profiles of users directly from the video chat.
  • Easy to access: A link to the video chat is automatically inserted in the main menu.
  • Simple install: it installs like any other SocialEngine plugin.

The price for the video chat plugin for Social Engine 4 is $49 (includes the video chat module for Social Engine 3 too) and it’s available when you buy AVChat 3.

To buy the AVChat 3 Video Chat Plugin for your Social Engine 4 website, go to the plugin page and select an AVChat 3 license + the Social Engine Plugin.

Clients who already own a Social Engine plugin license can download it at any time from the download page provided after the purchase.

AVChat 3 build 910 is up

Wednesday, August 11th, 2010

Build 910 is now available for download. We’ve made this quick release to fix some issues in build 900:

  • token_request.asp and .aspx were missing, which resulted in the “Invalid token! Please try again!” error when trying to use AVChat with .aspx or .asp (full aspx support is still being worked on; token based authentication is still available only with php for now)
  • the IPs of the users were not shown properly in all places (like in the ban user window or in the external users list)
  • record the audio video streams now defaults to false on FMIS
  • the external users list generated by FMIS missed some spaces which resulted in a .xml file that was not parseable
  • updated some typos and default values in avc_settings.xxx
  • the toggle stream privacy option is not visible anymore when usersCanSwitchBetweenPrivateAndPublic is disabled in avc_settings.xxx

How to get the new AVChat 3 build:

  • download the software again from your client area

How to update your installation:

  • in the usual way: overwrite ALL the old files (including the en.xml language file and the media server files) and restart the media server!
  • if the above fails, make a clean install!

The AVChat 3 build for August (900)

Monday, August 9th, 2010

New features:

  • works properly on Android phones with Flash Player 10.1
  • new setting: users can create only public or only private rooms (allowedRooms setting in avc_settings.xxx)
  • new setting: can users switch their stream to private/public (usersCanSwitchBetweenPrivateAndPublic setting in avc_settings.xxx)
  • new setting: turn off the video chat for maintenance (downForMaintenance setting in avc_settings.xxx)
  • new setting: kick users after being idle for some time (kickAfterIdleTime setting in avc_settings.xxx)
  • new setting: position the who is typing box at the top or bottom of the text chat (whosTypingPosition setting in avc_settings.xxx)
  • you can now control the background color of the users list from style.css
  • new [Reset] button in the admin’s Rooms panel that resets the users number
  • option to hide the top status bar completely (hideStatusBar in avc_settings.xxx)
  • initial RTL support (rightToLeft setting in avc_settings.xxx, feature still in beta)
  • toggle video button on other people’s webcams (turning video off on a stream will save a lot of bandwidth, you will still hear the audio)
  • profileURL in avc_settings.xxx is now independent for each user (this will mean that guests will not have a functional [View Profile] link in the video chat)
  • you can now change the female/male/couple icons used throughout the video chat (maleImageUrl, femaleImageUrl and coupleImageUrl settings in avc_settings.xxx)
  • an eye icon is now shown in the users list beside everyone who is watching you
  • slight improvement in emoticons positioning + emoticons are now resized if they are higher than 14px
  • the siteId variable for each user is now also available in the external rooms list
  • Social Engine 4 integration kit
  • updates to the phpFox2 integration kit (settings and pop-up options available directly from the admin area)

Security improvements:

  • token authentication for Red5, FMIS and Wowza (php only, turned off by default, article on how to turn it on will be available soon)
  • admins can now delete multiple rooms at once
  • admins can now ban ip ranges
  • added JS code to the html files to prevent inclusion of the video chat in iframes
  • improved IP distribution and access to IP info mechanism
  • improved private messages distribution mechanism
  • added optional IP check to scripts on the web server called only by the media server
  • more secure upload process

Fixed bugs:

  • keyboard input did not matter when tracking your idle status
  • one could not enter a room full with hidden admins

How to get the new AVChat 3 build:

  • download the software again from your client area

How to update your installation:

  • in the usual way: overwrite ALL the old files (including the en.xml language file and the media server files) and restart the media server!
  • if the above fails, make a clean install!

How to enable token based authentication in AVChat

Monday, August 9th, 2010

Starting with build 900, AVChat 3 introduces a new security feature called “token based authentication”. When enabled, this prevents third-party swf files (hosted on web sites other than your own, or by malicious users) from connecting to your media server. There are other security measures in place to prevent this; however, token based authentication is the most secure!

This feature is turned off by default because with it enabled:

  • it takes slightly more time for users to connect to the media server,
  • it might cause some connection attempts to the media server over slow Internet connections to fail
  • we’ve only had a few clients that really needed this feature!

How to turn it on:

  • install AVChat
  • edit the settings file on the media server (avchat3.properties on Red5 and Wowza, settings.asc on FMIS)
  • set the value of the tokenUrlLocation variable to the absolute URL of token_verify.php (token_verify.php is in the folder where you installed AVChat on your website; good example: http://avchat.net/demos/av30/token_verify.php)
  • restart the media server
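
The following PHP is an added example, not AVChat's token_request.php or token_verify.php, whose internals this post does not describe. It shows one common way a web server can issue short-lived, single-use tokens to the page that embeds the swf and verify them when the media server asks; the secret, token layout and function names are assumptions.

```php
<?php
// Added illustration; not AVChat's token_request.php / token_verify.php.
// SECRET, TOKEN_TTL and the token layout are assumptions for this example.
const SECRET = 'replace-with-a-long-random-server-side-secret';
const TOKEN_TTL = 30; // seconds a token stays valid after it is issued

// Called by the page that embeds the swf: returns "expiry.nonce.mac".
function issue_token(int $now): string
{
    $payload = ($now + TOKEN_TTL) . '.' . bin2hex(random_bytes(16));
    return $payload . '.' . hash_hmac('sha256', $payload, SECRET);
}

// Called when the media server asks whether a presented token is valid.
// $used stands in for a shared store (database, cache) of spent nonces.
function verify_token(string $token, int $now, array &$used): bool
{
    $parts = explode('.', $token);
    if (count($parts) !== 3) {
        return false;
    }
    [$expiry, $nonce, $mac] = $parts;
    $expected = hash_hmac('sha256', "$expiry.$nonce", SECRET);
    if (!hash_equals($expected, $mac)) {
        return false;                 // forged or altered token
    }
    if (!ctype_digit($expiry) || (int)$expiry < $now) {
        return false;                 // expired
    }
    if (isset($used[$nonce])) {
        return false;                 // replay of an already spent token
    }
    $used[$nonce] = true;             // spend the token on first success
    return true;
}

// Constructed demonstration, run from the command line.
$used = [];
$now = time();
$token = issue_token($now);
var_dump(verify_token($token, $now, $used));                 // first use
var_dump(verify_token($token, $now, $used));                 // replay
var_dump(verify_token($token . '0', $now, $used));           // tampered MAC
var_dump(verify_token(issue_token($now), $now + 60, $used)); // past the TTL
```

A short TTL and single use matter because the token is visible to the browser that loads the page; a client on a slow connection can exceed the TTL, which matches the connection failures listed above as a cost of enabling the feature.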

New Service: “Secure your AVChat installation”

Tuesday, August 3rd, 2010

AVChat is pretty secure out of the box; however, there are steps you and your developers can take to make your AVChat installation even more secure. We have now grouped these steps in a NEW SERVICE we’ll offer called Secure your AVChat installation. The service is priced at $199. We will analyze your AVChat and media server installation and propose/implement security measures against a broad range of attacks.

These are some of the measures we will take:

  • Secure the data exchange between the clients and the media server by using rtmpe or rtmps instead of plain rtmp.
    RTMPS communication leverages the proven security of SSL to wrap your RTMP session. RTMPE-based communication offers some of the benefits of RTMPS, but not all: it trades performance and certificate-less communication for being a versioned protocol under private Adobe control. RTMPE is only available with Wowza and FMIS, not with Red5.
  • Secure connections to the media server by configuring and activating the token authentication mechanism in AVChat (will be available/detailed in the August build).
    The token based authentication ensures that only swf files from your web server are allowed to connect to your media server. To use it you need to manually configure and activate it.
  • Secure the streams from being rebroadcast.
    We can do that by placing a watermark/logo over them (see the watermarkForOtherPeoplesStreams var in avc_settings.xxx).
  • Secure AVChat’s admin area by limiting the IPs from which admins can connect.
    AVChat allows you to limit the IPs from which admins are allowed to connect through admin.swf (see the adminsAllowedFromTheseIps var in settings.asc on FMIS and avchat3.properties on Red5 and Wowza)
  • SWF verification (FMIS only)
    Turning on and configuring swf verification on FMIS ensures that custom swf files (with altered or additional functionality, etc…) will never be able to connect to YOUR media server.
  • Secure upload/download process
    The sending of files to rooms and individual users can be further secured by moving the upload folder to a non-public area on the web server.
  • Secure access to some scripts on the web server.
    Writeuserslist.xxx and other scripts are only called/executed by the media server. It’s safe then to make them execute only when called by the media server (and not when called from a web browser).
  • Remove any unneeded media server applications
    Both Red5 and FMIS ship with default applications; we’ll consider removing them so that the permissive and well-known sample applications can no longer run and be exploited.
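
For the item above about scripts that only the media server calls (the optional IP check added in build 900), here is an added PHP example of such a guard; it is not AVChat's own code. MEDIA_SERVERS and the function names are hypothetical, the addresses are constructed, and the matcher goes slightly beyond a single-address check by also accepting IPv4/IPv6 ranges.

```php
<?php
// Added illustration, not AVChat's own code. MEDIA_SERVERS is a hypothetical
// setting; its addresses are constructed (documentation ranges).
const MEDIA_SERVERS = ['203.0.113.10', '2001:db8:1::/64'];

// True when $ip lies inside $cidr (a single address or an IPv4/IPv6 range).
function ip_in_cidr(string $ip, string $cidr): bool
{
    [$net, $bits] = array_pad(explode('/', $cidr, 2), 2, null);
    $ipBin  = @inet_pton($ip);
    $netBin = @inet_pton($net);
    if ($ipBin === false || $netBin === false
        || strlen($ipBin) !== strlen($netBin)) {
        return false;                    // unparseable, or IPv4 vs IPv6
    }
    $max  = strlen($ipBin) * 8;
    $bits = $bits ?? (string)$max;       // no prefix given: exact match
    if (!ctype_digit($bits) || (int)$bits > $max) {
        return false;                    // reject "/abc", "/-1", "/33"
    }
    $bits  = (int)$bits;
    $whole = intdiv($bits, 8);           // bytes compared in full
    if (substr($ipBin, 0, $whole) !== substr($netBin, 0, $whole)) {
        return false;
    }
    $rest = $bits % 8;                   // leftover bits in the next byte
    $mask = (0xFF << (8 - $rest)) & 0xFF;
    return $rest === 0
        || (ord($ipBin[$whole]) & $mask) === (ord($netBin[$whole]) & $mask);
}

// Guard for a script that only the media server should call. It reads
// REMOTE_ADDR, the TCP peer address; X-Forwarded-For is sent by the client
// and must not be trusted here.
function called_by_media_server(array $server): bool
{
    foreach (MEDIA_SERVERS as $cidr) {
        if (ip_in_cidr($server['REMOTE_ADDR'] ?? '', $cidr)) {
            return true;
        }
    }
    return false;
}

// Constructed requests; a real script would pass $_SERVER and answer 403.
var_dump(called_by_media_server(['REMOTE_ADDR' => '203.0.113.10']));
var_dump(called_by_media_server(['REMOTE_ADDR' => '2001:db8:1::beef']));
var_dump(called_by_media_server(['REMOTE_ADDR' => '198.51.100.7',
    'HTTP_X_FORWARDED_FOR' => '203.0.113.10']));
```

If the web server sits behind a reverse proxy, REMOTE_ADDR is the proxy's address, so the check then belongs on the proxy or must use a forwarded address that only that proxy can set.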

Most of these measures can also be taken/implemented by you or your developers and we will try to post detailed information on each one of the above steps.

Securing such a complex product needs a lot of thinking as there are a lot of angles a hacker can take to attempt to disrupt the normal activity in the video chat.