Icecast - Aug 2004 - External authentification-module for listening to icecast2-streams?

On 7 May 2003 at 20:14, Michael Smith wrote:
> On Wednesday 07 May 2003 19:34, Stefan Neufeind wrote:
> > Hi,
> >
> > today we came across the idea of adding an external
> > authentification- module for listening to icecast2. There have
> > recently been talks with artists and music labels that they would
> > like to receive "a small fee" per listener to e.g. a concert
> > streamed live over the internet.
> >
> > What do you think of adding an external authentification-module so
> > that the user could listen to a stream with urls like:
> >
> > http://customer0815:ajskl0a9@testserver:8000/concert
> >
> > The idea behind it is to offer a service where users can log on to
> > the concert with an account that generates a dynamic playlist
> > containing these URLs. Is the usage of login-information possible
> > with the usual players (XMMS, WinAmp, ... or even a MediaPlayer, a
> > Flash-movie etc.)? As soon as the listener enters / leaves this has
> > to be clearly be noted in the access_log-file so that the user could
> > be charges with a certain amount for each minute he has been
> > listening to the stream.
> >
> > What do you think about it? Is a login possible with the usual
> > players? Anybody got a suggestion in which way to implement such an
> > external authentification (e.g. calling a program that returns if
> > user is allowed to listen)?
> >
> >
> 
> Potentially a quite interesting feature. Shouldn't even be too
> difficult to integrate, really. I suspect that many (and possibly even
> most?) players won't support it, though. Worth spending an hour or two
> experimenting if you're interested in it, though.
Okay, then how about simply adding it past the URL? Like

http://testserver:8000/concert?session=abc10283kasld

hould work, right? Or are there cons against this? All we would have 
to add is a "split at ?"-routine to icecast2.
--- >8 ----
List archives:  http://www.xiph.org/archives/
icecast project homepage: http://www.icecast.org/
To unsubscribe from this list, send a message to
'icecast-request@xiph.org'
containing only the word 'unsubscribe' in the body.  No subject is
needed.
Unsubscribe messages sent to the list will be ignored/filtered.

On 7 May 2003 at 21:22, Michael Smith wrote:
> > > Potentially a quite interesting feature. Shouldn't even be
too
> > > difficult to integrate, really. I suspect that many (and possibly
> > > even most?) players won't support it, though. Worth spending
an
> > > hour or two experimenting if you're interested in it, though.
> >
> > Okay, then how about simply adding it past the URL? Like
> >
> > http://testserver:8000/concert?session=abc10283kasld
> >
> > should work, right? Or are there cons against this? All we would
> > have to add is a "split at ?"-routine to icecast2.
> 
> icecast already splits query parameters out like this. The
'against'
> would be that this doesn't even have a slight pretense of security,
> and it's really not a very nice way to do things when HTTP _does_ have
> proper authentication built in. 
> 
> But, you could try it out if you wanted (I'd still try using HTTP
> BASIC auth, to see if most clients support it, first).
Well okay, this might be tried out. We'll see if most programs do use 
this. Also: "HTTP BASIC" isn't secure either :-) And since
we're not
talking about passwords but session-keys I think it might be okay, 
don't you? Hmm - the more I think about it, the more I like the
"?"-
appending-idea :-) We just need to have an external tool that can be 
configured to be called upon connection (and maybe disconnection) 
that would receive the query-string e.g. in environment. This 
shouldn't be to hard to code. Like a cgi ...

I'll have a look at it in the next days.
 Stefan
--- >8 ----
List archives:  http://www.xiph.org/archives/
icecast project homepage: http://www.icecast.org/
To unsubscribe from this list, send a message to
'icecast-request@xiph.org'
containing only the word 'unsubscribe' in the body.  No subject is
needed.
Unsubscribe messages sent to the list will be ignored/filtered.

> > Potentially a quite interesting feature. Shouldn't even be too
> > difficult to integrate, really. I suspect that many (and possibly even
> > most?) players won't support it, though. Worth spending an hour or
two
> > experimenting if you're interested in it, though.
>
> Okay, then how about simply adding it past the URL? Like
>
> http://testserver:8000/concert?session=abc10283kasld
>
> should work, right? Or are there cons against this? All we would have
> to add is a "split at ?"-routine to icecast2.
icecast already splits query parameters out like this. The 'against'
would be
that this doesn't even have a slight pretense of security, and it's
really
not a very nice way to do things when HTTP _does_ have proper authentication 
built in. 

But, you could try it out if you wanted (I'd still try using HTTP BASIC
auth,
to see if most clients support it, first).

Mike

--- >8 ----
List archives:  http://www.xiph.org/archives/
icecast project homepage: http://www.icecast.org/
To unsubscribe from this list, send a message to
'icecast-request@xiph.org'
containing only the word 'unsubscribe' in the body.  No subject is
needed.
Unsubscribe messages sent to the list will be ignored/filtered.