Closed nick-hunter closed 6 years ago
Makes sense to me - thanks for the PR!
For others who find this, I'd like to add that this security layer is not intended to be robust. This PR solves a blatant error, but it's still not going to hold up to many standard attacks.
If you're looking for real security, I'd recommend running this through an nginx reverse proxy. Services such as Let's Encrypt offer free encryption, and plugins like nginx oauth2_proxy allow you to use e.g. Google's authentication.
Removes public access to password.txt, and verifies authentication before sending video frames over the web socket. Previously, an attacker could manually open a web socket connection and request frames without being logged in.
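The check this PR describes, sketched as an added example (not the project's code): the frame handler validates the session on every request instead of relying on the login page. The HMAC-signed cookie scheme, the `session` cookie name, the `frame` request name and the `FrameSocket` class are assumptions made for the sketch.

```python
import hashlib
import hmac
import secrets

# Constructed for this sketch: a per-process signing key and a hypothetical cookie name.
SECRET_KEY = secrets.token_bytes(32)
COOKIE_NAME = "session"


def sign_session(user):
    # Issued by the login handler after the password check succeeds.
    mac = hmac.new(SECRET_KEY, user.encode(), hashlib.sha256).hexdigest()
    return f"{user}|{mac}"


def verify_session(cookie_value):
    # Returns the user name when the cookie's MAC is valid, otherwise None.
    if not cookie_value or "|" not in cookie_value:
        return None
    user, mac = cookie_value.rsplit("|", 1)
    expected = hmac.new(SECRET_KEY, user.encode(), hashlib.sha256).hexdigest()
    return user if hmac.compare_digest(mac.encode(), expected.encode()) else None


class FrameSocket:
    # Stand-in for a WebSocket handler; `cookies` are those sent with the upgrade request.
    def __init__(self, cookies, check_auth=True):
        self.cookies = cookies
        self.check_auth = check_auth  # False models the behaviour before the fix
        self.is_open = True

    def on_message(self, message):
        # The socket is its own entry point: the login page guarding the HTML
        # does nothing for a client that connects to the socket directly.
        if self.check_auth and verify_session(self.cookies.get(COOKIE_NAME)) is None:
            self.is_open = False  # close without answering
            return None
        if message == "frame":  # hypothetical request name
            return b"<jpeg bytes>"  # placeholder for a camera frame
        return None


if __name__ == "__main__":
    forged = {COOKIE_NAME: "admin|" + "0" * 64}
    valid = {COOKIE_NAME: sign_session("admin")}
    print("before fix, no cookie:", FrameSocket({}, check_auth=False).on_message("frame"))
    print("after fix, no cookie: ", FrameSocket({}).on_message("frame"))
    print("after fix, forged:    ", FrameSocket(forged).on_message("frame"))
    print("after fix, logged in: ", FrameSocket(valid).on_message("frame"))
```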