Preventing Unauthorized / Unformatted Streams

Hello:

I’ve been working with Wowza IDE, and I’ve been trying to tap into some event handlers such as onConnect(…) and onStreamCreate(…).

I have an architecture I have to follow. Our users log in, and they are given a couple of stream numbers for their publications. With each stream number is a key.

EXA: [{1, AwPa}, {3, xYeZ}, {62, cYwz}].

You can see in the example, I have three NVPs. Well, our current stream strategy allows the user to initiate the stream: rtmp://my.address.com/Publish. We also append the stream ID, so Wowza sees it as /Publish/.

Well, I we need to lock down the stream with the key as well. Simply using onConnect() with a username and password will not work, for a user can login and hijack another ID if they want to be malicious. Therefore, I want to use a query string to pass along the key, so ultimately it simulates the following address: rtmp://my.address.com/Publish/1?AwPa

You can see that I have the ID of the stream as well as the key to the stream in the address.

I’ve tried hooking into onConnect(), but I don’t think I can get the STREAM name as well as the query string in there. I’ve looked into onStreamCreate(…), and I’ve used the IMediaStream’s getQueryStr() and getName(), but they are empty.

Ultimately, I’m asking where can I do validation of the ID of the stream and KEY to the stream? If they match, I’ll allow the stream. If they are different, I will reject the stream?

Thank you.

Hello there and welcome to the Wowza support forum.

You might be able to use this sample code as a starting place to achieve your needs:

How to limit publishing of live streams by IP list (ModuleOverridePublishRestrictIP

If you need further assistance, you may wish to post a request to the find a consultant forum.

Best,

Salvadore