[FFmpeg-devel] [RFC] RTSP/HTTP authentication in ffserver

Stefano Sabatini stefasab at gmail.com
Thu Jan 2 18:13:51 CET 2014

On date Monday 2013-12-30 11:15:38 +0100, Reimar Döffinger encoded:
> On Mon, Dec 30, 2013 at 11:06:58AM +0100, Stefano Sabatini wrote:
> > Hi,
> > 
> > do you know if this can be implemented in ffserver?
> Not sure what kind of answer you want?

Mostly pointers to specs and/or code.

> There are some complications.

> Either you can use basic authentication, but that then sends the
> password as plaintext. So IMHO SSL/TLS should be required with that
> approach (though I hear there are still e.g. email providers around that
> allow unencrypted plaintext authentication).
> Alternatively "Digest" authentication could be used, but that has its
> own issues server-side, for example you need to use good (enough) random numbers.
> As far as I can tell it also needs an extra round-trip, so you need to
> add support for first requesting authentication from the client and only
> then getting the data, and checking that the digest you receive is the
> expected one. With plaintext you could just expect the client to provide
> the authentication information upfront I guess.

Uhm, I don't think I'll work soon on this but I'll probably create a
ticket so users can track this.

Thanks for your reply.
FFmpeg = Fiendish Fundamentalist Merciless Proud Earthshaking Guru

More information about the ffmpeg-devel mailing list