Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions

Hide Username and Password in URL

Zuke
Cirrostratus
Cirrostratus

‎06-Dec-2021 05:53

We have a video streaming app that has a basic username/password authentication.

 

Accessing the application is done by going to rtsp://username:password@example.com:554/video

 

Infosec isn't a fan of this setup and has blocked the app due to the username and password in the URL. How can I make the application accessible while hiding the username and password in the URL?

Labels:
0 Kudos
2 REPLIES 2

Hamish
Cirrocumulus
Cirrocumulus

‎10-Dec-2021 10:02

I don't blame them. Username and password in the URL is a pretty basic security mistake. e.g. when you're passing via a proxy. After all the URL is going too be logged somewhere... In your history etc.

 

The only way you can mask it is by changing the application that's insecure enough to insist on user/pass in the URL for a decent one.

 

 

0 Kudos

Zuke
Cirrostratus
Cirrostratus
In response to Hamish

‎13-Dec-2021 08:25

That's the conclusion I came to as well.

0 Kudos
Copyright © 2023 Khoros, LLC