Even though the password has been set, accessing still does not require a password.

ossrs / srs

SRS is a simple, high-efficiency, real-time video server supporting RTMP, WebRTC, HLS, HTTP-FLV, SRT, MPEG-DASH, and GB28181.

https://ossrs.io

MIT License

25.16k stars 5.31k forks source link

Even though the password has been set, accessing still does not require a password. #3692

Closed liuliran123 closed 1 year ago

liuliran123 commented 1 year ago

In addition, the documentation does not mention any enabled password authentication feature. How can we guarantee security?

TRANS_BY_GPT3

liuliran123 commented 1 year ago

There is also no password authentication feature enabled in the document. How can security be ensured?

TRANS_BY_GPT3

Kentsonshum commented 1 year ago

Have you read the http.api.auth.conf document carefully? The format is incorrect. You also need to enable auth under the api section.

http_api {
    enabled         on;
    listen          1985;
    auth {
        enabled         on;
        username        admin;
        password        admin;
    }
}

TRANS_BY_GPT3

winlinvip commented 1 year ago

Doc is here https://ossrs.io/lts/en-us/docs/v5/doc/http-api#authentication

Thanks @Kentsonshum