Hide Username and Password in URL

Question

We have a video streaming app that has a basic username/password authentication.

Accessing the application is done by going to rtsp://username:password@example.com:554/video

Infosec isn't a fan of this setup and has blocked the app due to the username and password in the URL. How can I make the application accessible while hiding the username and password in the URL?

hamish · Answer

I don't blame them. Username and password in the URL is a pretty basic security mistake. e.g. when you're passing via a proxy. After all the URL is going too be logged somewhere... In your history etc.

The only way you can mask it is by changing the application that's insecure enough to insist on user/pass in the URL for a decent one.

zuke · Answer

That's the conclusion I came to as well.

Forum Discussion

Hide Username and Password in URL

Recent Discussions

BIG-IP SysLog appearing in ossec.log

MAC address of deleted VS IP address still responsive

Different common name ssl acces 403 forbiddent

TMSH Command to list ASM policies not attached to any virtual servers in all partitions

dynamic signature detection

Related Content

Require username and password for virtual server

Password Safety & Security: Passwords vs. Passphrases

Automate scp transfers using password

Unable to login on F5 GUI using default admin/admin username & password.

Hide uri on client side

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS