security problem ?

Sebastian Dröge sebastian at centricular.com
Fri Nov 22 12:14:09 PST 2013


On Fr, 2013-11-22 at 13:35 +0900, Tanaka wrote:
> [...]
> 0:00:01.877327548 11146 0x9765a40 INFO playbin
> gstplaybin2.c:2028:gst_play_bin_set_sink:<RTSP_playbin> Setting video
> sink to <RTSP_vsink>
> 0:00:01.877439149 11146 0x9765a40 INFO playbin
> gstplaybin2.c:2028:gst_play_bin_set_sink:<RTSP_playbin> Setting audio
> sink to <RTSP_asink>
> 0:00:01.877490211 11146 0x9765a40 DEBUG playbin
> gstplaybin2.c:1493:gst_play_bin_set_uri: set new uri to
> rtsp://user:password@192.168.100.82:8554/channel_02
> 0:00:02.877808934 11146 0x9765a40 DEBUG playbin
> gstplaybin2.c:4005:setup_next_source:<RTSP_playbin> setup sources
> 0:00:02.877896801 11146 0x9765a40 DEBUG playbin
> gstplaybin2.c:3679:activate_group:<RTSP_playbin> activating group 0x97bed7c
> 0:00:02.877919446 11146 0x9765a40 DEBUG playbin
> gstplaybin2.c:3708:activate_group:<RTSP_playbin> making new uridecodebin
> 
> 
> user_name and password displayed ...
> 
> this is security problem ?

If you don't want them to appear like this in the debug logs, don't set
them via the URI. That's like passing passwords to applications via
commandline parameters :)

You could e.g. use the user-pw and user-id properties on rtspsrc.

-- 
Sebastian Dröge <sebastian at centricular.com>
Centricular Ltd - http://www.centricular.com
Expertise, Straight from the Source
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 966 bytes
Desc: This is a digitally signed message part
URL: <http://lists.freedesktop.org/archives/gstreamer-devel/attachments/20131122/c4adec3e/attachment-0001.pgp>


More information about the gstreamer-devel mailing list