Thread: How to add authentication for publishing to streammanager

  1. #1
    Join Date
    Nov 2012
    Posts
    5

    Hi, I'm not sure I grasp the whole concept of streaming technology and Wowza architecture, and I'm not sure there's a solution to my problem.
    I'm using a minicaster to publish an RTP stream to the "live" application (I followed the provided tutorial) and re-streaming it using the streammanager. Everything works fine.

    My worry is that anybody (by trial and error) could find out the port number defined in the .stream file and hack into the stream by publishing another feed into the same port.

    Is there a way to add an authentication method to the streammanager so that any stream (MPEG-TS, RTP, RTSP, etc.) published to the defined port will need to provide a username/password to be accepted by the application?

  2. #2
    Join Date
    Dec 2007
    Posts
    21,962

    Take a look at the StreamNameAlias addon. This has a security aspect. You will remove the default rule from the stream alias map file, then define allowed rules, i.e., stream sources. If you are using .stream files, this will replace that; you will use simple alias names that do not have a .stream extension.

    http://www.wowza.com/forums/content....ameAlias-AddOn

    Richard

  3. #3
    Join Date
    Nov 2012
    Posts
    5

    Thanks Richard.

    I've downloaded the addon and installed it successfully.
    I have modified the "live" application.xml as per the readme instructions.
    I have now deleted the .stream file and added the following rule to the aliasmap.stream.txt:
    mystation = udp://myservername.com:10000

    I configured the miniCaster to now publish its stream on myservername.com on port 10000 and used streammanager to start a live stream called mystation.
    It works as before (without the .stream file).

    But my problem stays the same: anybody could publish another stream on the same port and streammanager would re-stream it.

    Did I miss something?

  4. #4
    Join Date
    Dec 2007
    Posts
    21,962

    Remove the default rule, the line that is in that file before you added your rule. What that does is allow any stream that does not match a rule above to run without aliasing. So just remove that and only your rule will work.

    Richard

  5. #5
    Join Date
    Nov 2012
    Posts
    5

    Thanks again Richard.
    I did remove the default rule!
    If I'm getting it right, the rule [mystation = udp://myservername.com:10000] only allows a published stream from myservername.com on port 10000 to be aliased to mystation.
    When I use streammanager to start receiving a stream called mystation on the "live" application, it starts listening to any stream published from myservername.com on port 10000.
    That means that as soon as streammanager gets the stream sent by miniCaster on udp://myservername.com:10000 it re-streams towards the "live" application.

    The problem comes from streammanager, which listens and accepts any published stream without any authentication. I still need to use it as I need to re-stream the RTP stream from the miniCaster to different kinds of players (flash, iOS, etc.).

    I think I'm still missing something!

  6. #6
    Join Date
    Nov 2012
    Posts
    5

    After reading my posts, I'm not sure I have explained my problem accurately.
    First, here is how I think the system is working (correct me if I'm wrong):

    1. The ModuleStreamNameAlias module is inserted in the conf/live/Application.xml.
    2. Using the streamNameAlias addon, a rule is created in the conf/aliasmap.stream.txt file (mystation = udp://myservername.com:10000)
    3. After logging into streammanager, a stream called "mystation" is started on the live/_definst_ application

    If I'm getting it right, these first 3 steps make Wowza listen to port 10000 for any stream and broadcast it through the "live" application as "mystation".

    So using the streamNameAlias addon rule will make the "live" application accept and alias the stream coming from streammanager and refuse any other stream sources.

    The problem is that the streammanager itself still accepts anything coming directly to the server on port 10000.
    Meaning that if someone else publishes a stream on udp://myservername.com:10000 and not on (http://myservername.com:1935/live) it would be accepted as a valid stream and forwarded to the "live" application.

    Isn't there a way to make streammanager more secure?
    Or isn't there any other secure way to make Wowza accept an RTP stream and broadcast it to "multiple players"?

  7. #7
    Join Date
    Dec 2007
    Posts
    21,962

    If someone publishes a stream to udp://myservername.com:10000 they then need to re-stream it through Wowza to play it back through Wowza, but they can't start it in StreamManager, first because they shouldn't have the admin password, also you have a stream going to that IPort already. I'm not sure what else to suggest.

    Richard

  8. #8
    Join Date
    Nov 2012
    Posts
    5

    Thanks again Richard for your help!

    That's what I'm afraid of: as soon as "I" start the stream in StreamManager the port is opened and anybody who knows the Wowza server address and the port number (a bit hard, I know!) can publish into it.
    I've tried to publish 2 streams simultaneously to the same address; Wowza accepts them both and mixes them up. On the players, I get a garbled, mixed-up version of both streams.

    Well, I'll stick to that solution for now but I'm looking for a completely secure way to do the same thing (without StreamManager maybe!!!)
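
The mixed-feed symptom described in post #8 can be detected on the server side. The following is an added example, not part of the original thread and not Wowza code: it groups datagrams seen on the ingest port by source address and RTP SSRC and reports when more than one publisher is present. It assumes the feed is RTP, as the poster states, and that packets are available as `(source_ip, udp_payload)` pairs; the function names and sample addresses are hypothetical.

```python
import struct
from collections import defaultdict

def parse_rtp_ssrc(payload: bytes):
    """Return the SSRC of an RTP version 2 packet, or None if it is not RTP."""
    if len(payload) < 12:                      # fixed RTP header is 12 bytes
        return None
    first, _pt, _seq, _ts, ssrc = struct.unpack("!BBHII", payload[:12])
    if first >> 6 != 2:                        # top two bits carry the version
        return None
    return ssrc

def find_competing_publishers(packets, expected_source=None):
    """packets: iterable of (source_ip, udp_payload) seen on the ingest port."""
    sources = defaultdict(set)                 # source_ip -> SSRCs it sent
    for src_ip, payload in packets:
        sources[src_ip].add(parse_rtp_ssrc(payload))
    ssrcs = set().union(*sources.values()) if sources else set()
    unexpected = sorted(ip for ip in sources
                        if expected_source is not None and ip != expected_source)
    return {
        "sources": dict(sources),
        "unexpected": unexpected,
        # More than one sender or more than one SSRC means interleaved feeds.
        "mixed": len(sources) > 1 or len(ssrcs) > 1,
    }

def _rtp(seq, ssrc):
    """Build a constructed RTP packet (version 2, payload type 33) for the demo."""
    return struct.pack("!BBHII", 0x80, 33, seq, seq * 3000, ssrc) + b"\x00" * 16

# Constructed sample: the encoder plus one unknown sender on the same port.
SAMPLE = [
    ("192.0.2.10", _rtp(1, 0x1111AAAA)),
    ("192.0.2.10", _rtp(2, 0x1111AAAA)),
    ("198.51.100.7", _rtp(900, 0x2222BBBB)),
    ("192.0.2.10", _rtp(3, 0x1111AAAA)),
]

if __name__ == "__main__":
    report = find_competing_publishers(SAMPLE, expected_source="192.0.2.10")
    for ip, ids in report["sources"].items():
        print(ip, sorted(hex(s) for s in ids if s is not None))
    print("unexpected:", report["unexpected"], "mixed:", report["mixed"])
```

UDP source addresses can be forged, so this flags interference after the fact; it does not authenticate the publisher.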
