Stream Security Functionality - Storm Streaming Server

In order to limit access to the steam for undesirable viewers, a secure token authentication method can be activated. The general concept is rather simple - A MD5 token based on a server time and a password is generated. For even tighter security an IP address can be added to the string. Then same algorithm must be replicated for WWW server-side. Depending on preferences the token will stay valid for up to specified amount of time.

Token algorithm

The token is made up from two or three parameters joined together as a single string and encrypted as a MD5.

unixTime	Unixtime rounded to full minutes.
password	saved in config/preferences.xml file. Here you can check Live Application or Edge Application Configuration to learn more.
IP address	an IP address of a viewer (e.g. 192.168.0.1).

Table 1. Codecs requirements table

Below you'll find an example for PHP:

                        
$password = "qwerty";                       // sample password
$unixTime = strtotime(date('Y-m-d H:i:00'));    // rounding time to full minutes

$token = md5($unixTime.$password);         // simplified version
$token = md5($unixTime.$password.$ip);     // version with viewer's IP address

Don't forget to configure the secure token on player's side. Please check Security settings - Storm JavaScript Library for more details.

On this page

Stream Security

Token algorithm