How to safely command an axis camera with curl?

I have an Axis PTZ camera I want to command using CURL.

I know this command line works :

curl http://LOGIN:PASSWORD@IP/axis-cgi/com/ptz.cgi?rpan=10

But, as you can see, le login/password are clearly written in the URL.

So I tried in HTTPS with :

curl -k https://LOGIN:PASSWORD@IP/axis-cgi/com/ptz.cgi?rpan=10

... where the -k ignore certificate warnings.

It works too, but I want to be sure that my login/password are encrypted using this way.

Anyone can confirm ? (or give a way to command this camera safely)

Edit : well, I just edit my post to "bump"... :-°


Yes, your login and password are encrypted when using HTTPS - even if they are transmitted as GET data embedded directly in the URL. See this question for more info.

However, by specifying -k as an option to curl you are essentially disabling its certificate validation features. This makes it prone to man-in-the-middle-attacks as described in this answer. A successful attack of this kind would render your entire connection (including your credentials) decipherable.

链接地址: http://www.djcxy.com/p/21736.html

上一篇: TLS握手期间中间人攻击的可能性

下一篇: 如何安全地命令卷曲的轴相机?