How to secure my screen sharing link

R

Rajesh

New Member
Sir i am using screen sharing . I want to secure my wss link so that if anyone copy link or iframe from my site it should not work directly or his domain. Kindly tell how i can do that...
 
Max

Max

Administrator
Staff member
Good day.

You can use REST hooks to backend server allows or does not allow client to connect WCS (screen sharing in you case). The workflow looks like this:

1. You configure the backend server.
Code: 
https://<your backend server>/hook/connect
2. Your backend returns 200 OK if clients has rights to connect, or 403 Forbidden if has not.
For example,
PHP: 
<?php
   header('HTTP/1.1 200 OK',true,200);
?>
3. Test step 2 from you WCS server:
Code: 
[root@p16 /]# curl -k -I https://<your backend server>/hook/connect
HTTP/1.1 200 OK
Date: Thu, 31 Oct 2019 16:48:39 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
X-Powered-By: PHP/5.4.16
Content-Type: text/html; charset=UTF-8
4. Update your WCS to send REST hook queries to your own backend: get access to core CLI via SSH
and modify the app and add data:
Code: 
update app -l https://<your backend server>/hook defaultApp
5. Pass as custom parameter user authentification data to createSession function.
Edit JS file and add custom data - userTest and passTest:
Code: 
https://<your WCS IP-address or domain name>:8444/client2/examples/demo/streaming/screen-sharing/screen-sharing.js
Code: 
function start() {
  ...
    Flashphoner.createSession({urlServer: url,custom:{userTest: "passTest"}}).on(SESSION_STATUS.ESTABLISHED,function(session){...})
    ...
}
6. Add custom parameter user authentification data to backend server.
For example,
PHP: 
<?php
$incoming_data = json_decode(file_get_contents('php://input'), true);

if ($incoming_data['custom']['passwd'] == 'passwdTest') {
    header('HTTP/1.1 200 OK',true,200);
} else {
    header('HTTP/1.1 403 Forbidden',true,403);
}
?>

7. Client tries to connect to your server:
Code: 
https://<your WCS IP-address or domain name>:8444/client2/examples/demo/streaming/screen-sharing/screen-sharing.html
If in the screen-shared.js file user data and authentication data on the internal server match - screen sharing to this user allowed.
 
Last edited:
You must log in or register to reply here.
Top