Motion - Support Question 2009x 08x 10x 063245

HTTP authentication for STREAM URl

Question

Terrific software gentlemen, thank you!

Now... I really think we need to support HTTP authentication for the STREAM as well as the CONTROL URL. I was amazed this wasn't supported.

Using an HTTP proxy seems lame -- overly complex and wasteful of resources; I don't want to run an Apache instance on my firewall just to restrict the stream. And it still doesn't protect against LAN access; I'm sure many people run fairly sophisticated networks and won't want every user to access every motion camera on the network.

The code would appear fairly trivial.

I've seen it stated that motion is "not a good tool for remote streams" but I really don't see why this is the case -- it's the best tool I've seen, and I've evaluated them all! smile

I'll volunteer to code this up if you prefer; it should take a few minutes.


Environment

Motion version: 3.2.11
ffmpeg version:  
Libraries: ffmpeg, mysql, postgresql
Server OS:  

-- AlexFreeman - 10 Aug 2009

Answer

Hi Alex ,

Go ahead and code it , but against trunk not 3.2.11.1 please.

Submit it as a patch :

http://www.lavrsen.dk/foswiki/bin/view/Motion/MotionPatches

Thanks !

-- AngelCarpintero - 11 Aug 2009

Hi Alex,

Maybe a basic auth seems fairly simple, but if you are really willing to implement it, perhaps you should describe exactly the features you are planning to implement. As an example, consider "compatibility with .htpasswd format"

You say that proxying does not prevent access from the LAN. You can very well bind motion to the local host IP (127.0.0.1) and the HTTP proxy will be the only thing to access motion. Besides, there are webservers capable of proxying more lightweight than Apache.

"Motion is not good for remote streams": for me, this means "Motion has not been declared to be safe to expose on the internet. Do it at your own risk.". A proxyfication adds a layer of HTTP request validation, hence there's some limits to user input. Some attack types won't be possible through a proxy.

That said, a simple HTTP authentication can be good enough for uses in a LAN where you do not want everyone to access your webcam smile and I think this would be a nice addition to Motion.

Thanks smile


It's implemented in trunk already.

AngelCarpintero - 28 Mar 2010
Topic revision: r4 - 28 Mar 2010, AngelCarpintero
Copyright © 1999-2017 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Please do not email Kenneth for support questions (read why). Use the Support Requests page or join the Mailing List.
This website only use harmless session cookies. See Cookie Policy for details. By using this website you accept the use of these cookies.