Stream security - Storm Streaming Server
In order to limit access to the steam for undesirable viewers, a secure token authentication method can be activated. The general concept is pretty simple. A MD5 token based on a server time and a password is generated. For even tighter security an IP address can be added to the string. Then same algorithm must be replicated for WWW server-side. Depending on preferences the token will stay valid for up to specified amount of time.
Token algorithm
The token is made up from two or three parameters joined together as a single string and encrypted as a MD5.
- unixTime - standard unixtime rounded to full minutes.
- password - saved in config/preferences.xml file.
- IP address - an IP address of a viewer (e.g. 192.168.0.1).
Below you'll find an example for PHP:
$password = "qwerty"; // sample password
$unixTime = strtotime(date('Y-m-d H:i:00')); // rounding time to full minutes
$token = md5($unixTime.$password); // simplified version
$token = md5($unixTime.$password.$ip); // version with viewer's IP address
Don't forget to configure the secure token on player's side. Please check Security settings - Storm JavaScript Library for more details.
Configuration example
SecureStream configuration is located in config/preferences.xml file. Each internal application has its own Stream settings.
<SecureStream enabled="true">
<password>qwerty</password>
<ingestIP>true</ingestIP>
<timeout>5</timeout>
</SecureStream>
preferences.xml configuration
| Parameter name | Suggested value | Description |
|---|---|---|
| SecureStream:enabled | false | Whenever this option is active or not. |
| password | Between 10-16 characters | A password for your secure token. |
| ingestIP | true | Decides whenever IP becomes part of the token (might cause troubles for viewers using proxy services). |
| timeout | Between 3 and 5 | Timeout for a token (in minutes). |
Table 1. SecureStream parameters table