Results 1 to 5 of 5

Thread: Security problem: default EC2 videochat application

  1. #1
    Join Date
    Jul 2013
    Posts
    14

    Exclamation Security problem: default EC2 videochat application

    Hi All,

    I'm using WowzaMediaServer on amazon ec2 with secureToken enabled and I'm using the default videochat application and I've build a custom flash client to fit my needs.

    I only found a security the problem in this setting: it is possible to overwrite the broadcasting streams.

    For example if I broadcast the stream 'testing' to WowzaMediaServer with my client, then I open a second client on a different computer to also broadcast 'testing' to the WowzaMedia server, than the receiving client shows the webcam of the second computer and NOT of the first computer.

    So the second computer overwrites the stream and this stream is displayed. Since it's quite easy to spot the stream names using a packetsniffer suchs as wireshark, you could build another simple client that overwrites all the streams.

    How can I setup a protection for this at the server side to prevent overwriting of streams?

    Many thanks,
    Henkhenk
    Last edited by henkhenk; 08-09-2013 at 08:36 AM.

  2. #2
    Join Date
    Dec 2007
    Posts
    21,962

    Default

    This is how to override that that behavior, prevent the 2nd stream from publishing

    Richard

  3. #3
    Join Date
    Jul 2013
    Posts
    14

    Default

    Hi Richard,

    Thank you for your answer.

    I understand that I have to prevent the 2nd stream from publishing. I did the assumption that this would be done by default, which isn't. So I have to make some adjustments at some place.

    Can you give me some advice on how to adjust this?

    Thanks,
    Henkhenk

  4. #4
    Join Date
    Jul 2013
    Posts
    14

    Default

    I found an artikel myself, many thanks anyway.

    Link is here:
    http://www.wowza.com/forums/content....publish-stream

    Henkhenk

  5. #5
    Join Date
    Dec 2007
    Posts
    21,962

    Default

    Sorry, forgot to include that link (trying to work on a Iphone), glad you found it.

    Richard

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •