https://www.a-smil.org/index.php?action=history&feed=atom&title=SecuritySecurity - Revision history2026-04-20T13:37:26ZRevision history for this page on the wikiMediaWiki 1.23.17https://www.a-smil.org/index.php?title=Security&diff=182&oldid=prevSMIL T.A. at 09:22, 28 July 20102010-07-28T09:22:38Z<p></p>
<table class='diff diff-contentalign-left'>
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr style='vertical-align: top;'>
<td colspan='2' style="background-color: white; color:black; text-align: center;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black; text-align: center;">Revision as of 09:22, 28 July 2010</td>
</tr><tr><td colspan="2" class="diff-lineno">Line 1:</td>
<td colspan="2" class="diff-lineno">Line 1:</td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>Security is a concern for digital signage users, especially on an open platform. Mechanisms must be in place to prevent  </div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>Security is a concern for digital signage users, especially on an open platform. Mechanisms must be in place to prevent  </div></td></tr>
<tr><td class='diff-marker'>−</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>* unauthorized access to media assets on <del class="diffchange diffchange-inline">servers</del>, and  </div></td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>* unauthorized access to media assets on <ins class="diffchange diffchange-inline">the server</ins>, and  </div></td></tr>
<tr><td class='diff-marker'>−</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>* <del class="diffchange diffchange-inline">man-in-the-middle attack to play </del>back unauthorized media files on <del class="diffchange diffchange-inline">public </del>screens.</div></td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>* <ins class="diffchange diffchange-inline">playing </ins>back unauthorized media files on screens <ins class="diffchange diffchange-inline">in public</ins>.</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'>−</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>A-SMIL players support limited security options today and will continue strengthen the <del class="diffchange diffchange-inline">means as a major development direction</del>.</div></td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>A-SMIL players support limited security options today and will continue <ins class="diffchange diffchange-inline">to </ins>strengthen the <ins class="diffchange diffchange-inline">mechanisms going forward</ins>.</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>== Player Identification ==</div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>== Player Identification ==</div></td></tr>
</table>SMIL T.A.https://www.a-smil.org/index.php?title=Security&diff=179&oldid=prevSMIL T.A.: Created2010-07-28T03:03:35Z<p>Created</p>
<p><b>New page</b></p><div>Security is a concern for digital signage users, especially on an open platform. Mechanisms must be in place to prevent <br />
* unauthorized access to media assets on servers, and <br />
* man-in-the-middle attack to play back unauthorized media files on public screens.<br />
<br />
A-SMIL players support limited security options today and will continue strengthen the means as a major development direction.<br />
<br />
== Player Identification ==<br />
<br />
A-SMIL players submit a per-player [[Player ID|unique signature]] in the HTTP User-Agent header. This allows identification by specialized media servers to prevent unauthorized access from a standard web browser. However, the determined hacker can produce a simulated User-Agent header to circumvent this mechanism.<br />
<br />
== HTTP Authentication ==<br />
<br />
HTTP basic and digest authentication is supported by A-SMIL players today. URLs can contain user name/password pairs per Section 3.1 of RFC 1738. The weakness of this scheme is that the user name and password pair is stored in plain text in the SMIL file. The determined hacker may discover the information using a sniffer in the same IP subnet as the media players.<br />
<br />
== Future Direction ==<br />
<br />
A-SMIL is moving towards making HTTP over SSL (a.k.a. HTTPS) a mandatory requirement for all media players. This will prevent sniffering that makes the current security mechanisms vunerable.<br />
<br />
== Related ==<br />
<br />
* [[Player ID]]<br />
* [[SMIL Connectivity]]</div>SMIL T.A.