cancel
Showing results for 
Search instead for 
Did you mean: 
Login & Join the DevCentral Connects Group to watch the Recorded LiveStream (May 12) on Basic iControl Security - show notes included.

Hide Username and Password in URL

Zuke
Cirrostratus
Cirrostratus

We have a video streaming app that has a basic username/password authentication.

 

Accessing the application is done by going to rtsp://username:password@example.com:554/video

 

Infosec isn't a fan of this setup and has blocked the app due to the username and password in the URL. How can I make the application accessible while hiding the username and password in the URL?

2 REPLIES 2

Hamish
Cirrocumulus
Cirrocumulus

I don't blame them. Username and password in the URL is a pretty basic security mistake. e.g. when you're passing via a proxy. After all the URL is going too be logged somewhere... In your history etc.

 

The only way you can mask it is by changing the application that's insecure enough to insist on user/pass in the URL for a decent one.

 

 

That's the conclusion I came to as well.