[Live-devel] [patch] Authentication hiccups
Ross Finlayson
finlayson at live555.com
Thu Nov 6 17:35:24 PST 2014
> I was thinking about preventing MITM attacker degrading auth to Basic.
> Currently any RTSP client is vulnerable to exposing full credentials in
> plain-text (almost), as there is no way to authenticate server first.
That’s a good point.
I’ve just installed a new version (2014.11.07) of the “LIVE555 Streaming Media” software that adds a new method
RTSPClient::disallowBasicAuthentication()
that you can call on a “RTSPClient” object to disallow ‘basic’ authentication if the server requests it.
Ross Finlayson
Live Networks, Inc.
http://www.live555.com/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.live555.com/pipermail/live-devel/attachments/20141106/39b23fe5/attachment-0001.html>
More information about the live-devel
mailing list