Open Fedaz8 opened 3 weeks ago
You should use authentication
I've looked at the authentication section of the docs: https://github.com/illuspas/Node-Media-Server?tab=readme-ov-file#authentication
I can't really make sense of what they're trying to explain here, perhaps some translation issue or something. In the end it suggests that a final request URL of e.g. rtmp://192.168.0.10/live/stream?sign=1503458721-80c1d1ad2e0c2ab63eebb50eed64201a
needs to be used but I don't understand how that fits into the OBS stream settings.
Does this mean that the streamer would still provide a stream key which ends up being their stream name? but the URL that each streamer enters into the server
input would be unique to them?
HashValue = md5("/live/stream-1503458721-nodemedia2017privatekey”)
is this saying that for each streamer, they would have a unique URL that they stream to which would include a hash of the above where stream
is their stream name, the number following it (1503458721
) is the expiry and the string following that (nodemedia2017privatekey
) is some global secret defined within the node-media-server config?
Whenever a user streams they provide a stream key which ends up being the stream name and whenever someone consumes a stream, they make a request to a URL which includes this stream name. Meaning any viewer has access to any streamers stream key and could hijack the stream.
How are we supposed to tackle this?
e.g.
rtmp://mydomain.com/live
and stream key:mysecretkey
mysecretkey.flv