Hide Username and Password in URL

Question

We have a video streaming app that has a basic username/password authentication.

Accessing the application is done by going to rtsp://username:password@example.com:554/video

Infosec isn't a fan of this setup and has blocked the app due to the username and password in the URL. How can I make the application accessible while hiding the username and password in the URL?

hamish · Answer

I don't blame them. Username and password in the URL is a pretty basic security mistake. e.g. when you're passing via a proxy. After all the URL is going too be logged somewhere... In your history etc. &nbsp;The only way you can mask it is by changing the application that's insecure enough to insist on user/pass in the URL for a decent one.&nbsp;&nbsp;

zuke · Answer

That's the conclusion I came to as well.

Forum Discussion

Hide Username and Password in URL

2 Replies

Tyler - May 2026 Featured Member

AppWorld Berlin 2026 – iRules Contest Winning Results

One Quick Step to Make your website AI-Agent/MCP Ready with an iRule

Recent Discussions

version 21.1 ACME setup for certificate renewal with Digicert

F5 BIGIP & XC certbot plugin

Use F5 APM as Forward Proxy

Question about source persistence across traffic group

OpenID Connect as Client and Resource server

Related Content

Context Cloak: Hiding PII from LLMs with F5 BIG-IP

Require username and password for virtual server

Password Safety & Security: Passwords vs. Passphrases

Automate scp transfers using password

F5 App Study Tool with passwords stored in Vault

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS