Replies: 1 comment 2 replies
-
I think you'll need to work with Tokens, but I also have to figure out the implementation of this. |
Beta Was this translation helpful? Give feedback.
2 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
I'm running Ant Media Server Community Edition 2.9.0 20240405_1758 and intend to publish a stream via the default LiveApp by embedding it on a separate website which will be public to the Internet.
However, there is an issue I would like to clarify first: the HTML embed code that I can obtain from the stream actions within AMS obviously contains the stream ID in its source.
Please correct my if I am misunderstanding the situation, but isn't the stream ID essentially sensitive information and doesn't publishing this to a website create the potential for any user to hijack my stream and publish via my AMS?
Specifically, if a user visits the stream via my website
https://mywebsite.example/live.html
and looks at the source code, they would be able to see the following:<iframe width="560" height="315" src="https://myamserver.example/LiveApp/play.html?id=myUniqueStreamID" frameborder="0" allowfullscreen></iframe>
Now if they have any idea how AMS works by default (or bother to just look it up), they could easily deduct from this that my publishing URL is
rtmp://myamserver.example/LiveApp/myUniqueStreamID
.In turn, this would allow them to publish their own stream to this URL using streaming software such as OBS, correct?
Assuming that the above statements are true, are there any ways to mitigate this risk?
For example, is it possible to have the stream ID in the HTML code differ from the one used in the RTMP publish URL, while still pointing to the same stream internally?
Or are there other ways to hide/obfuscate the stream ID in the public-facing HTML code?
Any guidance on this topic would be greatly appreciated!
Beta Was this translation helpful? Give feedback.
All reactions