Question about GstRTSPAuth and GstRTSPServer
Locked
Question about GstRTSPAuth and GstRTSPServer
 
|
Re: Question about GstRTSPAuth and GstRTSPServer
|
|
On Thu, 2017-02-09 at 15:58 +0000, Oscar Forner Martinez wrote:
> Hi, > > I want to use basic authentication with an RTSP server. For that I found > in the documentation how to do it using the GstRTSPAuth and > GstRTSPServer. However, the GstRTSPAuth requires a username and > password. Is there a way to use a digest of the password like it is done > in web servers with the .htpasswd files instead of providing the > username and password? > > I am asking because this would force me to store the password in plain > text in order to use it in the GstRTSPAuth. to store the password in clear text on the server side. With basic auth, things are even worse though. You actually transmit the password in clear text over the network (well, base64 encoded...). The server is then checking that against what is locally stored. With basic auth, storing the clear text password server-side is the least of your worries. With digest auth you don't send the password in clear text and in theory the server could store only a hash (of username, realm and password) instead of the clear text password. However this is currently not implemented in gst-rtsp-server. If you want to provide a patch for that, that would be very useful though. It's not difficult to add. -- Sebastian Dröge, Centricular Ltd · http://www.centricular.com _______________________________________________ gstreamer-devel mailing list [hidden email] https://lists.freedesktop.org/mailman/listinfo/gstreamer-devel |
signature.asc (981 bytes) | Free forum by Nabble | Edit this page |