Set username/password in rtsp url

Question

I am retrieving video from an IP-Camera using rtsp using a java web application; The rtsp url has embedded username/password in the url itself which seems to be quite insecure. e.g. rtsp://user:password@ip/...

Is there a way to to prevent sending the username/password in the URL.

What will be the best possible way to secure the URL?

the best way is not to send username and password in the URL — vladkras, Dec 02 '15 at 20:56
how will you send it then ? What way other than performing a Basic Authentication ? — Soumya, Dec 03 '15 at 06:25

Frak · Answer 1 · 2022-08-09T13:52:03.783

5

Given a username and password, you can set them using environment variables like this:

USER=myusername
PASSWD=mypassword

For example, if your camera's IP address is 192.168.0.101, then you can access the camera via its RTSP URL:

rtsp://"${USER}":"${PASSWD}"@192.168.0.101:554

edited Aug 09 '22 at 13:52

answered Mar 02 '21 at 22:13

Frak

832
1
11
32

Please add some details to your answer such that others can learn from it – Nico Haase Mar 03 '21 at 13:01
Thank you! Worked! Example: rtsp://admin:mypassword@192.168.0.26:554/onvif1 – Paulo Henrique Arruda Sep 04 '21 at 18:12

score 4 · Answer 2 · answered Oct 19 '17 at 08:15

4

Username/password in the URL is a way to write url. Rtsp agent will use it to authenticate with basic or digest authentication. So your password will be encoded and transported as a rtsp header.

answered Oct 19 '17 at 08:15

Trizalio

811
7
16

Set username/password in rtsp url

2 Answers2