[icecast] External authentification-module for listening to icecast2-streams?

[Stefan Neufeind]

On 7 May 2003 at 21:22, Michael Smith wrote:

> > > Potentially a quite interesting feature. Shouldn't even be too
> > > difficult to integrate, really. I suspect that many (and possibly
> > > even most?) players won't support it, though. Worth spending an
> > > hour or two experimenting if you're interested in it, though.
> >
> > Okay, then how about simply adding it past the URL? Like
> >
> > http://testserver:8000/concert?session=abc10283kasld
> >
> > should work, right? Or are there cons against this? All we would
> > have to add is a "split at ?"-routine to icecast2.
> 
> icecast already splits query parameters out like this. The 'against'
> would be that this doesn't even have a slight pretense of security,
> and it's really not a very nice way to do things when HTTP _does_ have
> proper authentication built in. 
> 
> But, you could try it out if you wanted (I'd still try using HTTP
> BASIC auth, to see if most clients support it, first).

Well okay, this might be tried out. We'll see if most programs do use 
this. Also: "HTTP BASIC" isn't secure either :-) And since we're not 
talking about passwords but session-keys I think it might be okay, 
don't you? Hmm - the more I think about it, the more I like the "?"-
appending-idea :-) We just need to have an external tool that can be 
configured to be called upon connection (and maybe disconnection) 
that would receive the query-string e.g. in environment. This 
shouldn't be to hard to code. Like a cgi ...

I'll have a look at it in the next days.
 Stefan
--- >8 ----
List archives:  http://www.xiph.org/archives/
icecast project homepage: http://www.icecast.org/
To unsubscribe from this list, send a message to 'icecast-request at xiph.org'
containing only the word 'unsubscribe' in the body.  No subject is needed.
Unsubscribe messages sent to the list will be ignored/filtered.