Results 1 to 6 of 6

Thread: http authentication

  1. #1

    Thread Starter
    Member
    Join Date
    Dec 2010
    Posts
    41

    http authentication

    hey guys, i;v recently been learning java in ECLIPSE for my android device, my goal is to create a custom interface for my IPcamera, which so far has gone quite well for the most part, however i have run to a problem with authentication, where in explorer a grey box pops up.
    I was always under the impression that by just doing this:

    http://login: pass@doggycam.com/snapshot.cgi

    would input the security data, but on my device is not happening, im hoping that the java is close enough you guys can help,

    or maybe get me as far that i can understand exactly what is "not" happening..
    also i read that the login: pass gets encrypted maybe it is possible to just pre-code it and send it normally in my http string??

  2. #2
    Frenzied Member tr333's Avatar
    Join Date
    Nov 2004
    Location
    /dev/st0
    Posts
    1,605

    Re: http authentication

    I think that will only work for Basic Authentication as the credentials are passed in plaintext. It won't work for Digest Authentication as that requires the password to be hashed before sending to the remote server.
    CSS layout comes in to the 21st century with flexbox!
    Just another Perl hacker,

  3. #3

    Thread Starter
    Member
    Join Date
    Dec 2010
    Posts
    41

    Re: http authentication

    sweet, i have been reading alot, and different stuff, i noticed that when it pops up on explorer it mentions:
    the site says:
    ipcamera_00D6FB01231F

    is it simple to hash? can we do it if i have all the details? i can form ascii strings so if it is a constant value maybe i can just reuse it in a string? it would be best, i am sending cgi commands so i know exactly when it needs a secured string. and have the l/p

    looking at the link:
    HA1 = MD5( "Mufasa:testrealm@host.com:Circle Of Life" )
    = 939e7578ed9e3c518a452acee763bce9

    HA2 = MD5( "GET:/dir/index.html" )
    = 39aff3a2bab6126f332b942af96d3366

    Response = MD5( "939e7578ed9e3c518a452acee763bce9:\
    dcd98b7102dd2f0e8b11d0f600bfb0c093:\
    00000001:0a4f113b:auth:\
    39aff3a2bab6126f332b942af96d3366" )
    = 6629fae49393a05397450978507c4ef1


    is that the "encryption" type to use, and how it outputs? is this type called RFC 2617?


    if i am reading this correctly, all i need to do is split each byte to 4bit, then add another 4bit position char?

  4. #4
    Frenzied Member tr333's Avatar
    Join Date
    Nov 2004
    Location
    /dev/st0
    Posts
    1,605

    Re: http authentication

    Instead of trying to put the username/password into the url, it's better to put that directly into the HTTP headers. That way, the username and password don't get cached anywhere. Also, even if you are doing this over SSL/TLS then having the credentials in the url will not be secure in any way.

    As with all crypto/security stuff, you should never try to "roll your own" when there are frameworks available to do it for you. Java should have native libraries to handle basic/digest http auth, but I can't help you on that part. It all depends on what your IP camera supports, which will most likely be just basic auth.
    CSS layout comes in to the 21st century with flexbox!
    Just another Perl hacker,

  5. #5

    Thread Starter
    Member
    Join Date
    Dec 2010
    Posts
    41

    Re: http authentication

    its all good, im not worried about security at all, i just want to get this up, and can't disable cam security, maybe a example of how to put into headers could help, i will try it, but not priority issw

    but i am confused, would you be able to tell what exactly i need, i thought it would be basic auth aswell, but wouldnt the code feed from the url then, ie L: p@cam? (there is no encryption, response handlers requ'd or any other strange things then?)
    here is the cam info for you to get in if it helps, maybe you have a way to tell?(the display page will show without the password, but not the feed itself):

    http://173.33.147.241:99/index1.htm
    admin
    admin

    i have to mention, this is my first android app, and im not understanding the framework support pages, also there is little help in the android forum, btw how different is my java different from the java here, i would presume they are same syntax but maybe with different import packages? I ask cause again i like c+, but am new to java and first time doing any sort of web connection, thus have several small questions about several things (mostly syntax)

  6. #6
    Frenzied Member tr333's Avatar
    Join Date
    Nov 2004
    Location
    /dev/st0
    Posts
    1,605

    Re: http authentication

    I would suggest this be moved to the Java forum, if any mods happen to be reading this.
    CSS layout comes in to the 21st century with flexbox!
    Just another Perl hacker,

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  



Click Here to Expand Forum to Full Width