Base64 Encoded user/pass not working with auth
  • I must be doing something wrong, but I can't figure out why it's not working. Issuing commands via curl with the user/pass before the IP works ok, but if I convert the credentials to base64 and use auth, it gives an unauthorised error. The test user/pass has full admin rights.

    $ /usr/bin/curl 'http://test:t3st1nG@192.168.1.10:8000/++setSchedule?cameraNum=5&mode=M&id=0'
    OK

    $ echo 'test:t3st1nG' | base64
    dGVzdDp0M3N0MW5HCg==

    $ echo 'dGVzdDp0M3N0MW5HCg==' | base64 --decode
    test:t3st1nG

    $ /usr/bin/curl 'http://192.168.1.10:8000/++setSchedule?cameraNum=5&mode=M&id=1&auth=dGVzdDp0M3N0MW5HCg=='
    401 Unauthorized

    I've tested this on the latest b17 version of SecuritySpy.

    Thanks,
    Paul.
  • Hi Paul,

    There is a flaw in that method you are using to generate the Base64 value, which is that it includes the return character after the string you are trying to encode. So the password comes out with a return character at the end of it, which causes it to fail.

    Instead, use this free online Base64 encoder. You will see that the string "test:t3st1nG" actually encodes to "dGVzdDp0M3N0MW5H".
  • ahhhh, thank you, I knew it was me. :)

    I was trying to avoid submitting my credentials to an unknown online service, but having just looked at the site's privacy policy, I feel more confident using it.

    "All communications with our servers are made through secure SSL encrypted connections (https). Uploaded files are deleted from our servers immediately after being processed, and the resulting downloadable file is deleted right after the first download attempt, or 15 minutes of inactivity. We do not keep or inspect the contents of the entered data or uploaded files in any way. Read our privacy policy below for more details."
  • Just in case anyone else finds this useful, I found an alternative method to encode the credentials:

    openssl base64 [press enter]
    test:t3st1nG [press ctrl+d three times]

    This results in the following:

    $ openssl base64
    test:t3st1nGdGVzdDp0M3N0MW5H

    Just separate the base64 text from the line above.
    dGVzdDp0M3N0MW5H
  • I understand the reluctance to send sensitive information like passwords to these kinds of web services (even though this particular one does seem to take privacy seriously) - thanks for posting an alternative local solution. There are also a few apps on the macOS App Store that do Base64 encoding, so this could be another option.

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!