Difference between revisions of "Security"

From A-SMIL.org
(Created)
 
m
 
Line 1: Line 1:
 
Security is a concern for digital signage users, especially on an open platform. Mechanisms must be in place to prevent  
 
Security is a concern for digital signage users, especially on an open platform. Mechanisms must be in place to prevent  
* unauthorized access to media assets on servers, and  
+
* unauthorized access to media assets on the server, and  
* man-in-the-middle attack to play back unauthorized media files on public screens.
+
* playing back unauthorized media files on screens in public.
  
A-SMIL players support limited security options today and will continue strengthen the means as a major development direction.
+
A-SMIL players support limited security options today and will continue to strengthen the mechanisms going forward.
  
 
== Player Identification ==
 
== Player Identification ==
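
Review bot: the reworded second bullet drops the phrase "man-in-the-middle attack", so the revised list states the outcome to prevent but no longer names the threat behind it. Consider wording such as "playing back unauthorized media files on screens in public, for example through a man-in-the-middle attack" so both stay on the page. The change from "will continue strengthen the means" to "will continue to strengthen the mechanisms" in the last sentence is a correct grammar fix.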

Latest revision as of 09:22, 28 July 2010

Security is a concern for digital signage users, especially on an open platform. Mechanisms must be in place to prevent

  • unauthorized access to media assets on the server, and
  • playing back unauthorized media files on screens in public.

A-SMIL players support limited security options today and will continue to strengthen the mechanisms going forward.

Player Identification

A-SMIL players submit a per-player unique signature in the HTTP User-Agent header. This allows identification by specialized media servers to prevent unauthorized access from a standard web browser. However, the determined hacker can produce a simulated User-Agent header to circumvent this mechanism.

HTTP Authentication

HTTP basic and digest authentication are supported by A-SMIL players today. URLs can contain user name/password pairs per Section 3.1 of RFC 1738. The weakness of this scheme is that the user name and password pair is stored in plain text in the SMIL file. The determined hacker may discover the information using a sniffer in the same IP subnet as the media players.

Future Direction

A-SMIL is moving towards making HTTP over SSL (a.k.a. HTTPS) a mandatory requirement for all media players. This will prevent the sniffing that makes the current security mechanisms vulnerable.
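
As an added example (not A-SMIL or player vendor code), the audit below walks a SMIL playlist and flags media URLs that embed a user name/password pair or still use cleartext HTTP, the two weaknesses described under HTTP Authentication and Future Direction. The sample playlist, host names, credentials and the choice of `src`/`href` as the URL-carrying attributes are constructed assumptions.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample playlist (not from A-SMIL.org); hosts and credentials are placeholders.
SAMPLE_SMIL = """<smil>
  <head><meta http-equiv="Refresh" content="60"/></head>
  <body>
    <seq repeatCount="indefinite">
      <video src="http://signage:s3cret@media.example.com/ads/spot1.mp4"/>
      <img src="https://media.example.com/ads/banner.png" dur="10s"/>
      <ref src="https://signage:s3cret@media.example.com/feeds/menu.smil"/>
      <img src="local/logo.png" dur="5s"/>
    </seq>
  </body>
</smil>"""

URL_ATTRS = ("src", "href")  # assumption: attributes that carry media URLs


def audit_smil(smil_text):
    """Return (tag, redacted_url, issues) for each risky media reference."""
    findings = []
    for elem in ET.fromstring(smil_text).iter():
        for attr in URL_ATTRS:
            value = elem.get(attr)
            if not value:
                continue
            parts = urlsplit(value)
            if parts.scheme not in ("http", "https"):
                continue  # relative or local reference, nothing fetched over HTTP
            issues = []
            if parts.username is not None or parts.password is not None:
                issues.append("credentials embedded in URL")
            if parts.scheme == "http":
                issues.append("cleartext HTTP transport")
            if issues:
                # Drop the userinfo part so the report does not repeat the password.
                bare_netloc = parts.netloc.rpartition("@")[2]
                redacted = parts._replace(netloc=bare_netloc).geturl()
                tag = elem.tag.split("}")[-1]  # strip an XML namespace if present
                findings.append((tag, redacted, issues))
    return findings


if __name__ == "__main__":
    for tag, url, issues in audit_smil(SAMPLE_SMIL):
        print(f"<{tag}> {url}: {'; '.join(issues)}")
```

An HTTPS URL that still carries a user name and password is reported as well, because the pair remains readable to anyone who obtains the SMIL file itself.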

Related