In order to limit access to the steam for undesirable viewers, a secure token authentication method can be activated. The general concept is pretty simple. A MD5 token based on a server time and a password is generated. For even tighter security an IP address can be added to the string. Then same algorithm must be replicated for WWW server-side. Depending on preferences the token will stay valid for up to specified amount of time.
The token is made up from two or three parameters joined together as a single string and encrypted as a MD5.
Below you'll find an example for PHP:
$password = "qwerty"; // sample password $unixTime = strtotime(date('Y-m-d H:i:00')); // rounding time to full minutes $token = md5($unixTime.$password); // simplified version $token = md5($unixTime.$password.$ip); // version with viewer's IP address
SecureStream configuration is located in config/preferences.xml file. Each internal application has its own Stream settings.
<SecureStream enabled="true"> <password>qwerty</password> <ingestIP>true</ingestIP> <timeout>5</timeout> </SecureStream>
|Parameter name||Suggested value||Description|
|SecureStream:enabled||false||Whenever this option is active or not.|
|password||Between 10-16 characters||A password for your secure token.|
|ingestIP||true||Decides whenever IP becomes part of the token (might cause troubles for viewers using proxy services).|
|timeout||Between 3 and 5||Timeout for a token (in minutes).|