Secure HLS stream URL

Zorba_Conlen · October 8, 2020, 9:47pm

Hi. I have built an app that shows traffic cameras on a map and allows end users to click the icon and view live streaming video. The app is pure HTML5, no server-side software. I’m using google maps and videojs APIs mainly. This is a public facing app that anyone can access with no authentication.

Now the customer is concerned that the stream URLs are exposed and others can get access. For instance, network tab in dev tools or other ways. So, I’m looking for options to either obfuscate or secure those urls. Researching in the docs, I have found a couple capabilities, but I need more info:

SecureToken - it seems this is a good solution, but if I’m understanding correctly, it would require a server-side language like .net or php in order to be truly secure based on this quote from docs:

" Your web server administrator must use this same shared secret value to generate the client-side hash when the client webpage is generated. JavaScript code shouldn’t be used in the client webpage to generate the hash as the code is visible in the webpage source and would pose a potential security risk."

That’s a major architecture change that I would prefer to avoid if possible.

StreamNameAlias - I read about this but it’s not clear if it meets my requirements based on the brief description in docs.

Or if there are other options, I’d love to hear about them.

Thanks

video_streaming · October 9, 2020, 8:51pm

Is your concern the streams being stolen when not being a subscriber or the bandwidth cost if others get it and connect?

There is no perfect solution for an HLS m3u8 and we normally suggest a variety of security options from the token to IP address restrictions, but in a public facing app, DRM would be good here- if that’s in your budget.

Here is a blog written by an expert in streaming and discusses DRM and piracy.
https://www.wowza.com/blog/digital-rights-management-drm-a-primer

Zorba_Conlen · October 12, 2020, 8:48pm

Thanks for the info. The concern is mainly about the bandwidth impact on our server. I took a look at that blog - it has some useful info, but I’m pretty new to this and not sure I’m really getting it.

I also found this article - Configure security in Wowza Streaming Engine, which discusses IP restrictions. This actually sounds like what I’m looking for if I’m understanding it correctly., I could restrict it to just the ip of my web server, right? Are there issues with this approach? See attachment.

Cheers

Topic		Replies	Views
Secure HLS streaming Wowza Streaming Engine	3	2652	July 28, 2015
Protecting a stream with AllowDomains Wowza Streaming Engine	3	2724	February 26, 2014
Secure url with parameters in wowza 2 Wowza Streaming Engine	1	1927	October 30, 2015
Using token authorization to view stream in VLC Wowza Streaming Engine media-players-and-devices	3	4296	August 5, 2021
Playlist URL security Wowza Streaming Engine	1	1611	August 17, 2017

Secure HLS stream URL

Related topics