This is the first time i have seen this i am wondering if zm already has a way to get around this. I have been out of the look on cctv stuff for a while. It seams like this kinda auth could be more common in newer cameras to prevent cross site scripting, and protecting user logins(to an extent).
IF no one has time to think about this issues can you point me to the parts of zm that something liek this woudl be added to so I can see if I add support.
http://en.wikipedia.org/wiki/Cryptographic_nonce
Code: Select all
GET /mjpeg.cgi HTTP/1.1
Host: 10.0.0.251
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:33.0) Gecko/20100101 Firefox/33.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
HTTP/1.0 401 Authorization Required
Server: alphapd
Date: Sat Dec 13 20:24:05 2014
Pragma: no-cache
Cache-Control: no-cache
Content-type: text/html
WWW-Authenticate: Digest realm="TV-IP751WC",qop="auth", [b]nonce="e8194cde8b06e04c3d0100b8bb8a80ca"[/b]
<html><body><h2>Error: Authorization Required</h2>
<p>Authentication was requested</p></body></html>
Code: Select all
GET /mjpeg.cgi HTTP/1.1
Host: 10.0.0.251
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:33.0) Gecko/20100101 Firefox/33.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Authorization: Digest username="admin", realm="TV-IP751WC", nonce="e8194cde8b06e04c3d0100b8bb8a80ca", uri="/mjpeg.cgi", response="8e8dd3c52e73515203ae3f311d4e08cf", qop=auth, nc=00000001, cnonce="738a55949209777a"
HTTP/1.0 200 OK
Server: alphapd
Date: Sat Dec 13 20:24:19 2014
Pragma: no-cache
Cache-Control: no-cache
Content-Type: multipart/x-mixed-replace;boundary=--video boundary--
Content-length: 18785
Date: 12-13-2014 08:24:19 PM IO_00000000_PT_005_000
Content-type: image/jpeg
.....^...........................................W.......!1.AQa."2.q...#BRb...3r..$CS..4.........