[Live-devel] Suggestion regarding authentication

Jörg Dommaschk j.dommaschk at instar.com
Fri Sep 30 00:04:44 PDT 2022


Wow, that was amazingly fast, thanks a lot!

However, with that implementation, the new specialHandlingOfAuthenticationFailure gets not only called when someone tried to login with a wrong password, but also when they connect for the first time in order to receive a nonce. So there will always be at least one wrong attempt from when the client requests the nonce. (actually when testing around and adding some debug logging, I saw that when connecting with the vlc player, there could be up to 5 attempts before login succeeded, but I am not sure where this comes from or whether I did something wrong) That puts some constraints on how brute force protection can be implemented. 

That being said, I would feel bad for complaining after such a quick and nice response, so if you want to keep it as it is now, I will try and use it like that.

----- Original Message -----
From: "Ross Finlayson" <finlayson at live555.com>
To: "LIVE555 Streaming Media - development & use" <live-devel at us.live555.com>
Sent: Friday, September 30, 2022 2:04:59 PM
Subject: Re: [Live-devel] Suggestion regarding authentication

Thanks for the suggestion.

I’ve just installed a new version (2022.09.30) of the code that adds a call to a new virtual function "specialHandlingOfAuthenticationFailure()” - whenever “authenticationOK()” is about to return False (for normal authentication handling).

by default, this virtual function does nothing, but your subclassed “RTSPServer()” can override it if you wish.


Ross Finlayson
Live Networks, Inc.
http://www.live555.com/


_______________________________________________
live-devel mailing list
live-devel at lists.live555.com
http://lists.live555.com/mailman/listinfo/live-devel



More information about the live-devel mailing list