Livevideo from GDS3710 without Login?


#1

Hello everybody,

i have a GDS3710. Is it possible to watch the video without login (user and password)
For example, in the browser firefox, in an app on Android Tablet or in Loxone.

Best regards

Albundy


#2

unfortunatly not, you have to add username “admin” and the admin password to the request (which is really bad security practise)

we have been asking for a feature like that (snapshots and video) without passwords or with digest authentication (or even better both)

Mike


#3

This feature will be supported in future firmware but user will take their own security risk to enable this feature (by default disabled). Please keep tuned.

Thank you for using Grandstream GDS3710!


#4

Thank you for your message.
But when is a firmware update to be expected. Version 1.0.45 was deleted again?

Best regards
Albundy


#5

Thanks for the update. I sure hope one will be able to pull just the static image or mjpeg stream.

I tried to intergrate the current „API“ but failed because it does not send the image but a html Page with the image embedded. This doesn‘t make any sense.

Is it supposed to work this way? Documentation error? Missing documentation? Bug?

The simplest way would be a url where an image (or mjpeg stream) can be loaded without or with digest authentication.

See release notes from 1.0.4.34
—————
Basic authentication of MJPEG video or Snapshot image via HTTP API to easy 3rd party
System Integration, similar to GS IPC implementation.
For easy system integration (with the cost of less secure), once the feature enabled (default is
disabled), user can send HTTP API with correct credentials to retrieve MJPEG video or JPEG
snapshot from GDS3710, similar to the behavior of Grandstream IP Cameras.

The HTTP API or CLI command listed as below:
MJPEG Video:
http(s)://admin:password@IP_GDS3710:Port/jpeg/mjpeg.html < loads a full page, not just the stream
JPEG Snapshot:
http(s)://admin:password@IP_GDS3710:Port/jpeg/view.html < loads a full page, not just the Image

NOTE:
MJPEG stream may feel like animation due to the compromise of video quality and bandwidth.
Similar command can be applied to open source application like VLC MediaPlayer to retrieve
H.264 video stream with better quality:
rtsp://admin:password@IP_GDS3710:Port/X <- works fine with e.G. vlc but embedding the admin password here is ridiculous
where X= 0, 4, 8 corresponded to 1st, 2nd and 3rd video stream where 2nd recommended.


I get power but no data GDC3710
#6

@MikeK: For FW later than 1.0.4.34, you need to go to “System Settings ==> Access Settings”, select “MJEPG Authentication Mode” to “Basic” mode, then those will work but user name and password are indeed required to be input.

We will implement “anonymous” mode (like GS IP Camera) to retrieve snapshot and MJPEG stream in future firmware, so no user ID and password are required when enabled (default disabled).

Please keep tuned. Hope this helps. Thank you for using Grandstream GDS3710.


#7

I know how to enable access to images and mjpeg, that works for me.
My Problem is the “new api” gives you a html page with the image embedded, we need just the image!

Thanks for the continued support and development on the GDS, it is appreciated!!!


#8

#9

#10

I have upgraded to 1.0.5.2 beta firmware and after checking “Anonymous Live View” under Access Settings and rebooting it is still prompting for login to view, is there any estimate when this will be available? Or maybe the ability to assign a View Only user?


#11

@rapple: Please read RELEASE NOTE, Page 25:
http://firmware.grandstream.com/BETA/Release_Note_GDS3710_1.0.5.2.pdf

You will need a new URL to do this.
https://IP_GDS3710:Port/videoview.html

Thanks for using GDS3710.


#12

Thank you, that is great news! I will test.


#13

Confirmed, it works in Firefox with stream 1 and 2 (h.264), but

  1. Stream 3 (mjpeg 320x240 and 5 fps) does not want to show (however please do note that accessing the MJEPG stream with basic auth as described below under 6. works fine). Chrome has more issues with all streams and I got it to work only once with stream 1.

Could we please also have a way to

  1. access each stream (1, 2 or 3) plain and directly without being wrapped in a HTML page where the user first needs to click and select the desired stream? This matters for example for a tablet in kiosk mode. Something like:

https://GDS_IP:PORT/stream1
https://GDS_IP:PORT/stream2
https://GDS_IP:PORT/stream3

  1. Is there an anonymous method to access to the RTSP stream?

  2. Typo: The FW release notes state on p.25 “ALLOW ANONYMOUSE VIEWING”, which should read ANONYMOUS instead (get rid of the trailing E)

  3. While I am at it: With 1.0.5.2 I can get the RTSP stream 4 and 8 to work just fine, but 0 (the highest resolution) will not work in VLC 3.0.6. Using HTML however this first stream is just fine and works as expected. What gives? I am using with X = 0, 4 or 8:

rtsp://admin:password@IP_GDS3710:Port/X

  1. Documentation error in the user guide: On page 82 the old MJPEG stream URLs are still listed that do not work anymore with the new HTTP API of this firmware:

http(s)://admin:password@IP:port/jpeg/streamX (X=Stream channel 0,1,2)

  1. Note: The user guide lists two additional MJPEG URLs that work once “Basic” authentication has been enabled, one embedded in a web page and also a plain video stream. This works independent of the three configurable streams and always delivers a high resolution MJPEG stream - be aware of the traffic! Quote:

1- The MJPEG stream can be retrieved via the following URL
HTML based ➔
http(s)://admin:password@IP_GDS3710:Port/jpeg/mjpeg.html
Stream ➔ http(s)://admin:password@ip:port/jpeg/stream
2- The MJPEG stream retrieved via the methods above is running on
the background and cannot be tuned. If users want more flexibility,
they can use the three configurable video streams as shown on
[Retrieving Video Streams]


#14

Thanks for the post. I just noticed that once you enable anonymous LiveView, load the https://IP_GDS3710:Port/videoview.html into the browser, and select one of the camera feeds (1/2/3), if you monitor the post request happening in the browser, the response you get back contains an XML file that contains the admin user id and password in clear text (see below). So it appears that anonymous is not quite anonymous. If you enable door control with this device, that is certainly a risk with the admin password exposed. Until this is fixed, I think the rtsp proxy server may be the way to go (save the id/pwd in the proxy server). Just getting started here, so maybe someone can assist getting this sent up to GrandStream for resolution.

<?xml version="1.0" encoding="ISO-8859-1"?>
<Configuration>
	<ResCode>0</ResCode>
	<RetMsg>OK</RetMsg>
	<P12307>1025</P12307>
	<P12707>1022</P12707>
	<P13107>0</P13107>
	<P903>554</P903>
	<P3>admin</P3>
	<P2>password</P2>
	<stream_idx>0</stream_idx>
	<P12904>30</P12904>
	<P12306>96</P12306>
	<P12706>96</P12706>
	<P13106>96</P13106>
</Configuration>

#15

@IT-Guy: Thanks for the good catch. This will be fixed in next firmware release. Please keep tuned. Thank you for using GDS3710.


#16

@AllUp: Appreciate for the testing and error finding. The typo and errrta in the documents have been updated in the official website. The bugs will be fixed in next firmware release.

Thank you very much for testing and using GDS3710.