--- Begin Message ---
Wow, that was amazingly fast, thanks a lot!

However, with that implementation, the new 
specialHandlingOfAuthenticationFailure is called not only when someone tries 
to log in with a wrong password, but also when they connect for the first time 
in order to receive a nonce. So there will always be at least one wrong attempt 
from when the client requests the nonce. (Actually, when testing around and 
adding some debug logging, I saw that when connecting with the VLC player, 
there could be up to 5 attempts before login succeeded, but I am not sure where 
this comes from or whether I did something wrong.) That puts some constraints on 
how brute force protection can be implemented.

That being said, I would feel bad for complaining after such a quick and nice 
response, so if you want to keep it as it is now, I will try and use it like 
that.

----- Original Message -----
From: "Ross Finlayson" <[email protected]>
To: "LIVE555 Streaming Media - development & use" <[email protected]>
Sent: Friday, September 30, 2022 2:04:59 PM
Subject: Re: [Live-devel] Suggestion regarding authentication

Thanks for the suggestion.

I’ve just installed a new version (2022.09.30) of the code that adds a call to 
a new virtual function “specialHandlingOfAuthenticationFailure()” - whenever 
“authenticationOK()” is about to return False (for normal authentication 
handling).

By default, this virtual function does nothing, but your subclassed 
“RTSPServer()” can override it if you wish.


Ross Finlayson
Live Networks, Inc.
http://www.live555.com/


_______________________________________________
live-devel mailing list
[email protected]
http://lists.live555.com/mailman/listinfo/live-devel


--- End Message ---
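
The constraint raised in the reply above, as an added example that is not code from this thread or from LIVE555: a per-client failure tracker whose threshold sits above the failures a legitimate login produces. The class, its methods and the client-address string are hypothetical; the hook's signature is not shown in the thread, so how an override obtains the address is an assumption.

```cpp
#include <chrono>
#include <cstddef>
#include <deque>
#include <map>
#include <string>

// Added example: hypothetical helper, not part of LIVE555.
// Counts authentication failures per client address in a sliding window.
class AuthFailureTracker {
public:
  using Clock = std::chrono::steady_clock;
  using Seconds = std::chrono::seconds;

  // maxFailures must exceed what a legitimate login generates: the thread
  // reports at least 1 (the nonce request) and up to 5 with VLC.
  AuthFailureTracker(std::size_t maxFailures, Seconds window, Seconds lockout)
    : fMax(maxFailures), fWindow(window), fLockout(lockout) {}

  // Call from the failure hook. Returns true if the client is locked out.
  bool recordFailure(const std::string& client, Clock::time_point now) {
    Entry& e = fClients[client];
    if (now < e.blockedUntil) return true;   // already locked out
    e.failures.push_back(now);
    prune(e, now);
    if (e.failures.size() > fMax) {          // more than the benign baseline
      e.blockedUntil = now + fLockout;
      e.failures.clear();
      return true;
    }
    return false;
  }

  // Check before handling a request from this client.
  bool isBlocked(const std::string& client, Clock::time_point now) {
    auto it = fClients.find(client);
    if (it == fClients.end()) return false;
    if (now < it->second.blockedUntil) return true;
    prune(it->second, now);
    if (it->second.failures.empty()) fClients.erase(it);  // bound memory use
    return false;
  }

private:
  struct Entry { std::deque<Clock::time_point> failures; Clock::time_point blockedUntil{}; };
  void prune(Entry& e, Clock::time_point now) const {  // drop failures older than the window
    while (!e.failures.empty() && now - e.failures.front() > fWindow) e.failures.pop_front();
  }
  std::size_t fMax; Seconds fWindow, fLockout;
  std::map<std::string, Entry> fClients;
};
```

Because the hook fires on failures only, the window expiry is what clears a legitimate client's handshake failures; no success signal is assumed.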