How to safely command an axis camera with curl?
I have an Axis PTZ camera I want to command using CURL.
I know this command line works :
curl http://LOGIN:PASSWORD@IP/axis-cgi/com/ptz.cgi?rpan=10
But, as you can see, le login/password are clearly written in the URL.
So I tried in HTTPS with :
curl -k https://LOGIN:PASSWORD@IP/axis-cgi/com/ptz.cgi?rpan=10
... where the -k ignore certificate warnings.
It works too, but I want to be sure that my login/password are encrypted using this way.
Anyone can confirm ? (or give a way to command this camera safely)
Edit : well, I just edit my post to "bump"... :-°
Yes, your login and password are encrypted when using HTTPS - even if they are transmitted as GET data embedded directly in the URL. See this question for more info.
However, by specifying -k
as an option to curl you are essentially disabling its certificate validation features. This makes it prone to man-in-the-middle-attacks as described in this answer. A successful attack of this kind would render your entire connection (including your credentials) decipherable.
上一篇: TLS握手期间中间人攻击的可能性
下一篇: 如何安全地命令卷曲的轴相机?