|
Size: 1362
Comment:
|
Size: 1436
Comment:
|
| Deletions are marked like this. | Additions are marked like this. |
| Line 3: | Line 3: |
| ---- ''Background info, not necessary for testing:<<BR>> |
|
| Line 4: | Line 6: |
When summa requests to play a file, they send to parameters 1. rmtp://iapetus/doms?skldfhskdfhdskjhfgskd 2. flv:filename.flv Now, the doms plugins decode the right filename from 1, but if the doms plugin is not on the classpath, the execution just contiues onto the flvplayer. The flv player just reads the value of 2, and attempts to play it. If it is configured to request files from the correct folder, it will play. The simple workaround is to have the wowza config point to a wrong folder (so that flvplayer cannot play on it's own) but to have the domsplugin be able to decode the correct location of the video file. Thus, the video should not be played unless the domsplugin is actually run. |
When summa requests to play a file, they send two parameters 1. rmtp://iapetus/doms?skldfhskdfhdskjhfgskd 2. flv:filename.flv Now, the doms plugins decode the right filename from 1, but if the doms plugin is not on the classpath, the execution just contiues onto the flvplayer. The flv player just reads the value of 2, and attempts to play it. If it is configured to request files from the correct folder, it will play. The simple workaround is to have the wowza config point to a wrong folder (so that flvplayer cannot play on it's own) but to have the domsplugins be able to decode the correct location of the video file. Thus, the video should not be played unless the domsplugin is actually run.'' ---- |
| Line 14: | Line 14: |
| 1. Access the doms search interface, that is configured to use the test instance of wowza 1. Attempt to play a video 1. The video should play 1. go into the services/doms_wowza_vhost folder 1. mv applications/lib . 1. restart wowza 1. Access the doms search interface, that is configured to use the test instance of wowza 1. Attempt to play a video 1. You should get "unable to find stream" error or something similar. |
1. Access the doms search interface, that is configured to use the test instance of wowza 1. Attempt to play a video 1. The video should play 1. go into the services/doms_wowza_vhost folder 1. mv applications/lib . 1. restart wowza 1. Access the doms search interface, that is configured to use the test instance of wowza 1. Attempt to play a video 1. You should get "unable to find stream" error or something similar. |
Radio TV Stage Test Wowza Backdoor
Background info, not necessary for testing: Now, the doms plugins decode the right filename from 1, but if the doms plugin is not on the classpath, the execution just contiues onto the flvplayer. The flv player just reads the value of 2, and attempts to play it. If it is configured to request files from the correct folder, it will play. The simple workaround is to have the wowza config point to a wrong folder (so that flvplayer cannot play on it's own) but to have the domsplugins be able to decode the correct location of the video file. Thus, the video should not be played unless the domsplugin is actually run.
We discovered an unfortunate backdoor in the wowza plugin. The problem goes as follows When summa requests to play a file, they send two parameters
To test this, ensure that you have a test environment as identical as possible to stage.
- Access the doms search interface, that is configured to use the test instance of wowza
- Attempt to play a video
- The video should play
- go into the services/doms_wowza_vhost folder
- mv applications/lib .
- restart wowza
- Access the doms search interface, that is configured to use the test instance of wowza
- Attempt to play a video
- You should get "unable to find stream" error or something similar.