harlanc/xiu

Authentication Options

Opened this issue · 1 comments

After reading User-defined Authentication, I see the only way to implement authentication using non-static tokens is to use the HTTP notification service to inform a managing server of new connections, check the token provided in the URL, and use the kickoff API to close the user connection if the token is invalid.

As I understand it, this would allow an unauthenticated stream subscriber to access stream data for the duration it takes the managing server to kick them off. Further, any error that occurred within the managing server that resulted in it failing to kick off the malicious user would cause the attacker to remain connected indefinitely.

To me, it seems a far more secure and natural authentication scheme would be to use an HTTP callback to verify the authentication token before allowing a user to connect, just as would be done using Simple or MD5 Authentication, with the only difference being that the validation is performed by the managing server rather than within Xiu itself. This would eliminate an attacker's ability to eavesdrop until they are kicked off and would make the "default" action (when the server fails to respond) to deny access instead of granting it.

If I misunderstand the existing authentication flow and this is not a concern, please let me know.

Hi @TwoLeggedCat

Your understanding is correct. Using user-defined authentication can lead to the issue that allowing a user to stream briefly before being kicked out. Thanks for your suggestions, I think the HTTP callback authentication method you suggested can be added to Xiu.