[FFmpeg-devel] [RFC] RTSP/HTTP authentication in ffserver
Reimar.Doeffinger at gmx.de
Mon Dec 30 11:15:38 CET 2013
On Mon, Dec 30, 2013 at 11:06:58AM +0100, Stefano Sabatini wrote:
> do you know if this can be implemented in ffserver?
Not sure what kind of answer you want?
There are some complications.
Either you can use basic authentication, but that then sends the
password as plaintext. So IMHO SSL/TLS should be required with that
approach (though I hear there are still e.g. email providers around that
allow unencrypted plaintext authentication).
Alternatively "Digest" authentication could be used, but that has its
own issues server-side, for example you need to use good (enough) random numbers.
As far as I can tell it also needs an extra round-trip, so you need to
add support for first requesting authentication from the client and only
then getting the data, and checking that the digest you receive is the
expected one. With plaintext you could just expect the client to provide
the authentication information upfront I guess.
More information about the ffmpeg-devel