billw2 / pikrellcam

Raspberry Pi motion vector detection program with OSD web interface.
GNU General Public License v3.0
261 stars 70 forks

Security aspects #2

Closed Yves911 closed 9 years ago

Yves911 commented 9 years ago

I discovered your software a few days ago and I have been very impressed by how powerful it is (live stream with good quality and reliable motion detection). I was using motion until now and am considering switching to your software. I would like to open the stream on the internet but with some restrictions and security:

  1. Do you plan to provide instructions to make the server run on https? (I can still use stunnel to have https.)
  2. Do you have plans to enhance security with a username/password? (Currently if you connect to 'http://_______fr:8081/mjpeg_read.php' directly you will see the image without the need to enter any credential.)

Thanks for this great work !

Yves911 commented 9 years ago

Using this guide I managed to enhance security: https://www.digitalocean.com/community/tutorials/how-to-set-up-http-authentication-with-nginx-on-ubuntu-12-10

mkoryak commented 9 years ago

Also, you should consider fixing this bug:

http://hostname/media.php?dir=media/videos/../../../../../../../../etc&file=

It lets you easily look at any file in your filesystem, but yeah, basic auth should be used.
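The traversal quoted above comes from joining a client-supplied `dir` value onto the media path and serving whatever it points at. The following is an added example, not pikrellcam's own code (its media.php is PHP): it shows the unsafe join beside a canonicalise-then-contain check written in Python; `MEDIA_ROOT` and the function names are assumptions for illustration.

```python
import os
from typing import Optional

# Assumed media root for this example; pikrellcam's real layout is not shown
# in the thread, so this path is a constructed placeholder.
MEDIA_ROOT = "/var/www/pikrellcam/media"


def naive_media_path(root: str, rel_dir: str, filename: str) -> str:
    """The unsafe pattern: join whatever the client sent and serve it.
    A dir value containing '..' segments walks straight out of root."""
    return os.path.normpath(os.path.join(root, rel_dir, filename))


def resolve_media_path(root: str, rel_dir: str, filename: str) -> Optional[str]:
    """Return the absolute path for root/rel_dir/filename only if the
    canonical result is still inside root; otherwise return None.

    Canonicalising the joined path first means '..' segments and, for
    components that exist, symlinks are resolved before the containment check.
    """
    if not filename or os.path.basename(filename) != filename:
        # Reject an empty name (the quoted URL has file= empty, which would
        # resolve to the directory itself) and any directory part smuggled
        # into the file parameter.
        return None
    if "\x00" in rel_dir or "\x00" in filename:
        # NUL bytes terminate C-level path strings and can defeat suffix checks.
        return None
    root_real = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(root_real, rel_dir, filename))
    # commonpath, not startswith: '/var/www/pikrellcam/media_evil' shares a
    # string prefix with root but is not below it. An absolute rel_dir is
    # also caught here, because os.path.join discards root in that case.
    if candidate == root_real or os.path.commonpath([root_real, candidate]) != root_real:
        return None
    return candidate


if __name__ == "__main__":
    # Constructed request mirroring the dir= value quoted in the thread.
    hostile_dir = "media/videos/../../../../../../../../etc"
    print(naive_media_path(MEDIA_ROOT, hostile_dir, "passwd"))    # /etc/passwd
    print(resolve_media_path(MEDIA_ROOT, hostile_dir, "passwd"))  # None
    print(resolve_media_path(MEDIA_ROOT, "videos", "clip.mp4"))   # stays inside root
```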

billw2 commented 9 years ago

Password setting uses htpasswd.