User:Ms7821/Security theatre
From London Hackspace Wiki
Currently webcams are easy to access on any device, simply by knowing the URL.
The following people requested for it to be members only
Montyphy | Monty |
TheHypnotist | Morris |
SamLR | Sam Cook |
Russss | Russ Garrett |
layer1gfx | Chris |
SheraDreaming | Lauren |
roberthl | Robert Leverington |
The following people requested it be left public
Renski | Darren McDonald |
ms7821 | Mark Steward |
dmi | David Ingram |
Paul2 | Paul Dart |
elliot_w | Elliot West |
solexious | Charles Yarnold |
earthshine | Mike McRoberts |
srimech | Jim MacArthur |
dirkx | Dirk-Willem van Gulik |
tajasel | Katie Sutton |
tomwyatt | Tom Wyatt |
Phil | Phil Roy |
v21 | George Buckenham |
varoudis | Tasos Varoudis |
Sunkzero | Darren Hubbard |
eb4890 | Will Pearson |
Eithin | Sam Kelly |
TheHypnotist | Morris |
Roberthl has already suggested a rearrangement of the cameras[1].
I hope that's enough, but if not, here's how the members-only limit might work without causing too much disruption:
- Logged in user visits webcam page
- Auth cookie is checked; user is given a long-lived cookie with auth details
- User is redirected to current URL with key (random)
- Current URL with key can be distributed
Periodically, current URL changes
- When current URL key is wrong, long-lived cookie is checked and user reauthenticated
- If user is still active, user is redirected to current URL with key
- If not, user is invited to ask on IRC
This of course does nothing to protect against a member who forwards the streams, or writes an API to make the URL available to the wider world. But hey, it might stop a tiny bit of trolling.