Question about GstRTSPAuth and GstRTSPServer

Sebastian Dröge sebastian at centricular.com
Mon Feb 13 14:01:39 UTC 2017


On Thu, 2017-02-09 at 15:58 +0000, Oscar Forner Martinez wrote:
> Hi,
> 
> I want to use basic authentication with an RTSP server. For that I found 
> in the documentation how to do it using the GstRTSPAuth and 
> GstRTSPServer. However, the GstRTSPAuth requires a username and 
> password. Is there a way to use a digest of the password like it is done 
> in web servers with the .htpasswd files instead of providing the 
> username and password?
> 
> I am asking because this would force me to store the password in plain 
> text in order to use it in the GstRTSPAuth.

In GIT gst-rtsp-server also supports Digest auth btw. For both you need
to store the password in clear text on the server side.

With basic auth, things are even worse though. You actually transmit
the password in clear text over the network (well, base64 encoded...).
The server is then checking that against what is locally stored. With
basic auth, storing the clear text password server-side is the least of
your worries.


With digest auth you don't send the password in clear text and in
theory the server could store only a hash (of username, realm and
password) instead of the clear text password. However this is currently
not implemented in gst-rtsp-server. If you want to provide a patch for
that, that would be very useful though. It's not difficult to add.

-- 
Sebastian Dröge, Centricular Ltd · http://www.centricular.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 963 bytes
Desc: This is a digitally signed message part
URL: <https://lists.freedesktop.org/archives/gstreamer-devel/attachments/20170213/81718b98/attachment.sig>


More information about the gstreamer-devel mailing list