Forum Discussion

Cirrostratus

Dec 06, 2021

Hide Username and Password in URL

We have a video streaming app that has a basic username/password authentication. Accessing the application is done by going to rtsp://username:password@example.com:554/video Infosec isn'...

Cirrocumulus

Dec 10, 2021

I don't blame them. Username and password in the URL is a pretty basic security mistake. e.g. when you're passing via a proxy. After all the URL is going too be logged somewhere... In your history etc.

The only way you can mask it is by changing the application that's insecure enough to insist on user/pass in the URL for a decent one.

Zuke
Cirrostratus
Dec 13, 2021
That's the conclusion I came to as well.

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Hide Username and Password in URL

Recent Discussions

Reporting Help Needed

Switch ssl profile based on weak cipher detection via IRULE

F5 looses the token for the first call

iRule - Url rewrite and header replace and pool selection not working

full-proxy HTTP2

Related Content

Require username and password for virtual server

Password Safety & Security: Passwords vs. Passphrases

Automate scp transfers using password

Unable to login on F5 GUI using default admin/admin username & password.

Hide uri on client side

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS