Re: Securing Windows Media Encoder streams/broadcasts

From: Pedro Gil Morales (nospam_at_nospam.com)
Date: 01/26/05

Next message: deroberts100_at_hotmail.com: "Re: Using WME to stream dynamic playlist of files"
Previous message: The March Hare [MVP]: "Re: Nonsquare pixel support.different aspect ratios of video resolution and for playback"
In reply to: Neil Smith [MVP Digital Media]: "Re: Securing Windows Media Encoder streams/broadcasts"
Next in thread: emde: "Re: Securing Windows Media Encoder streams/broadcasts"
Messages sorted by: [ date ] [ thread ]

Date: Wed, 26 Jan 2005 21:00:55 GMT

Great Answer and explanation too Neil.

;-)

Neil Smith [MVP Digital Media] wrote:
> On Tue, 25 Jan 2005 15:00:27 -0800, "emde" <emde@na.com> wrote:
>
>
>>The security comment was in response to the previous posters comment about
>>protecting a URL and feeding the video on a web site, which is definatly not
>>secure ...
>
>
> It was a starting point only, consider it an option. You haven't
> clearly defined why you *need* high levels of security on your stream
> from the encoder, so lets not get too high & mighty about this ;-)
>
> If you want proper security you have to implement your own
> authentication system yourself - as the previous poster stated, WME is
> not intended for secure broadcasts, it's a souped up client program
> rather than a full-featured streaming server.
>
>
>>>>Maybe you can publish the stream URL on a website, but password
>>>>protect the page which accesses the URL ;-))
>
>
> So let's go again with an alternate scenario : You set up a website on
> which you protect the page using an appropriate authentication system
> (your choice). The page then logs the IP of the authenticated user.
>
> Now the script passes an encrypted SOAP request to a web server or
> application host (Apache2, .NET, other), running on the encoder client
> machine which contains an appropriate authentication token from your
> website, and the IP address which is permitted to access the stream.
>
> Obviously, you have your own authentication token here to validate the
> SOAP request (your private key), and for good measure, you know the IP
> address from which the request *should* be coming (to avoid spoofing
> from unauthorised IP blocks).
>
> Finally, your web server on the encoder client machine modifies the
> permitted ACL of the encoder (which is by default set to deny all).
> You could do this using DCOM (apparently), or you could host the
> encoder in a custom written application which accepts and processes
> the authorisation request. When this process is completed, you send
> back a success message to the public web server which then issues the
> html necessary to access the now-unlocked stream.
>
>
>>Not sure how windows server 2003 would provide a password option. If anyone
>>else has info on this I'd like to hear it.
>>
>>Thanks.
>>
>>
>>
>>"Pedro Gil Morales" <nospam@nospam.com> wrote in message
>>news:NhzJd.562365$oN1.1054851@telenews.teleline.es...
>>
>>>Hi,
>>>
>>>You can protect your streams wiht user/password by using a Windows 2003
>>>Server to stream your content, but i dont remember anyway to do it just
>>>with windows media encoder.
>>>
>>>I don´t think that Microsoft is doing "Security thru obscurity", the
>>>main think is that your are Trying to do something professional with a
>>>FREE tool like Windows Media Encoder ( which is not intended to stream
>>>more than 10 connections ) . If you want professional results, you must
>>>use professional tools like Windows 2003.
>>>
>>>Best Regards
>>>
>>
>

-- 
-----------------------------------
Pedro Gil Morales 	
www.specializa.com,	
Open forums for IT Community 	
Webmaster & Site Administrator 	
-----------------------------------
---- no spam ---
newsgroups at specializa dot com
--- no spam ---- 	
-----------------------------------

Next message: deroberts100_at_hotmail.com: "Re: Using WME to stream dynamic playlist of files"
Previous message: The March Hare [MVP]: "Re: Nonsquare pixel support.different aspect ratios of video resolution and for playback"
In reply to: Neil Smith [MVP Digital Media]: "Re: Securing Windows Media Encoder streams/broadcasts"
Next in thread: emde: "Re: Securing Windows Media Encoder streams/broadcasts"
Messages sorted by: [ date ] [ thread ]

Relevant Pages

RE: prompted for username, password on iis5 running xp pro
... >Server will negociated an authentication method. ... >an valid username/password, the username/password box ... >the web server will send the content to the client. ... >the Web Server in Windows 2000 Server and Windows XP Pro ...
(microsoft.public.inetserver.iis.security)
RE: DMZ and AD Authentication
... authentication, and then permitting them users to access the AD for ... thru is the web server was compromised. ... I would recommend using the Cisco Security Agent on the web ... >Subject: DMZ and AD Authentication ...
(Security-Basics)
RE: website inside or outside the domain?
... it is better not to have domain authentication traffic ... publicly accessible web server in a DMZ, with a DC also in the DMZ ... > webserver is ... network) its not the best model to use. ...
(Focus-Microsoft)
Re: Integrated Windows Authentication not working
... >>> only web site and no one is behind a proxy server. ... proxy server between the various user's ISPs and your web server? ... And you're sure that the authentication settings for the virtual ... directory that maps to the physical directory where the .asp files are ...
(microsoft.public.inetserver.iis.security)
Password protection system for web app
... Could someone please suggest a very lightweight solution for protecting ... directories on a web server? ... Either HTTP basic authentication or cookie based authentication would do. ...
(comp.lang.python)