[FFmpeg-devel] 答复: [PATCH] fftools/ffmpeg_ffplay_ffprobe_cmdutils: add -safe to replace the user name and password in the protocol address

Wujian(Chin) wujian2 at huawei.com
Mon Dec 19 04:49:03 EET 2022 

>Am Sa., 17. Dez. 2022 um 08:36 Uhr schrieb Wujian(Chin) <wujian2 at huawei.com>:
>>
>> The Protocol address may contain the user name and password. The ps -ef command may expose the plaintext.

>Please add a sentence explaining why this is an issue.

Other users can run the ps -ef command to view sensitive information such as the user name and password in the URL, which is insecure.


>> The -safe parameter option is added to replace the user name and password in the command line with the asterisk (*).
>>
>> Signed-off-by: wujian_nanjing <wujian2 at huawei.com>
>> ---
>>  doc/ffmpeg.texi    |  7 +++++++
>>  doc/ffplay.texi    |  8 ++++++++
>>  doc/ffprobe.texi   |  7 +++++++
>>  fftools/cmdutils.c | 47 
>> +++++++++++++++++++++++++++++++++++++++++++----
>>  fftools/cmdutils.h | 15 +++++++++++++++
>>  fftools/ffmpeg.c   | 16 +++++++++++++---
>>  fftools/ffplay.c   | 15 +++++++++++++--
>>  fftools/ffprobe.c  | 18 ++++++++++++++----
>>  8 files changed, 120 insertions(+), 13 deletions(-)
>>
>> diff --git a/doc/ffmpeg.texi b/doc/ffmpeg.texi index 0367930..e905542 
>> 100644
>> --- a/doc/ffmpeg.texi
>> +++ b/doc/ffmpeg.texi
>> @@ -50,6 +50,13 @@ output files. Also do not mix options which belong 
>> to different files. All  options apply ONLY to the next input or output file and are reset between files.
>>
>>  @itemize
>> + at item -safe
>> +The Protocol address may contain the user name and password. The ps -ef command may expose the plaintext.
>> +The -safe parameter option is added to replace the user name and password in the command line with the asterisk (*).
>> + at example

>> +ffmpeg -safe -i rtsp://username@password.xxxx.com

>I believe this should be example.com

>Carl Eugen

ffmpeg -i rtsp://username:password@url  test.mp4
eg:ffmpeg -i rtsp://jack:WSX2344we@10.0.0.1:8554/stream/testqwee test.mp4
The user name and password are used for interaction with the video source server.

I'll modify the document description later.
Carl Eugen, thanks for your question.
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel at ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email ffmpeg-devel-request at ffmpeg.org with subject "unsubscribe".

More information about the ffmpeg-devel mailing list