I can see the potential of this application however it does not work well -
Issue 1:
I have five IP cameras, all of them are detected by iSpy (and by the software provided by the manufacturer). However, when I run ‘Netcam Studio’ → ‘find camera’ it only detects one camera. Each time I close Netcam Studio and then re-run it, Netcam Studio manages to detect a camera (not necessarily the same camera it detected previously). All cameras are ONVIF compliant.
URL for the camera: http://www.smtsec.com/pro.aspx?id=342
Issue 2:
I embedded a video stream to my website using the M-Jpeg code provided by the Netcam Studio (the HTML is for a user not for admin). The video works pretty well. Trouble is I can access this video stream from any device even if that device accesses the site for the first time. I made sure my ‘test user’ should only view the video and nothing else and the user does have a password. I tried clearing browser cache, clearing website cache, tried this on a computer and tried this on a mobile phone but nothing helps, the video stream is wide open for anyone to see, obviously not good.
Thanks for your feedback, for the point 1 can you please give a try using OnvifDM and post here two screenshots.
a) The result of search in ONVIFDM
b) The result of search in Netcam Studio
Issue 2:
Can you please provide some concrete examples, at the begining we were caching the logged users and then using the IP address to authenticate the sessions however this had some security issues allowing anybody with the same WAN ip to gain access rights. This was even before 1.0, since then every request needs to be authentified so the issue you describe seems strange and I would appreciate some clarifications / concrete examples
Issue 2 -
What do you mean by ‘concrete examples’?
I activate the Netcam Studio server x64 on Windows 10
In Netcam Studio, I add a user call it ‘Test’ and I set password for this user
I click on the icon to see the HTML tags and I choose M-Jpeg. I choose that user (not admin)
I put the HTML tag on web page on my website which is hosted far and away from my computer. My computer is where the Netcam Studio Server runs
I navigate through my mobile phone to my website (not through Wi-Fi, I use the 4G network for this)
I select ‘Cam’ and I can see the video stream, no password is required
To be sure I clear the cached of my mobile browser still same result.
Since I am using caching on my website I also clear the cache on my website still same result
Regarding Issue 2. For me that behavior is correct. If you embed the HTML code on a web site you want everyone to see the video stream without a password. If you want the video stream to be protected you access NCS using some of the other possibilities.
However, I discovered another issue which I do not like. I create a user named test with password. The user can only see the stream from cam 0. I login to NCS using web client, win client or mobile client the stream from cam 0 is only available. Now I generate the HTML code to embed in a web site and I get this code http://127.0.0.1:8100/Mjpeg/0?authToken=5bxxxxxxxxx. I can see the stream from cam 0. However, when I change cam “0” to another cam like “1” or “2” i can also see that video stream. For me that is not correct?
Hi Henrik,
I think the bug that you have discovered is indeed not good. If you can simply change the HTML tag and see other cameras that is a worry.
How would you protect the stream from hackers. If the camera is not protected by a password just inspect the HTML element then copy & paste the HTML tag to your webpage and you can see the stream. Is there a way to force a password protection or randomly generate a token each time you restart the Netcam Studio server?
What are your thoughts about issue 1?
Now we are beyond my knowledge so I forwarded this to the Admin to look into asap. For Issue 1, onvif and NCS have some difficulties to join forces and must also be addressed if the option is going to be there. By the way, very nice camera. Is the quality of the optics and image quality as good as the rest of the specifications?
-Henrik
Please give a try to this 1.3.2 version (updated right now):
If you already have a 1.3.2 you may need to uninstall / reinstall (settings will be kept).
If should fix both problems: the authentication token problem and the onvif detection of multiple instances of the same cameras. I have several onvif cameras but not twice the same so I couldn’t validate myself that the issue so please report once you have opportunity to give it a try.
Hi There.
I tested this new version here are the results -
Netcam Studio does find all cameras now
Netcam Studio now asks for a password when you view your camera over a webpage BUT,
password is only required first time you navigate to your ‘camera page’ (the webpage with the HTML tag that I get from ‘Netcam Studio’). When I close the browser then re-open it and navigate again to the same ‘camera page’ I am not asked for a password. I can see the camera straight away. Is there a way to ask for a password each time you navigate away then come back to see the camera? Perhaps force cache clear or expire cookies?
I have not yet checked what happens if I manually change the source from say 0 to 1 in the HTML tag when
I view a camera. I will test this and will let you know.
Finally, I want to run the video stream from my computer to my website over https, My website already has SSL certificate however my personal PC does not have SSL certificate. Now I found instructions for SSL on the ‘Netcam Studio’ FAQ hopefully these instructions are still current. I will test this and let you know.
I do not have the knowledge to tell what exactly is wrong, but an “unexpected” shot down of a real time system is always risky. However, in your situation and if ncs refuse to start again I would remove and install ncs again. The settings are not lost in this process. That is my simple solution for the moment to get it running again.
The only way to fix the above mentioned problem was to delete the Netcam Studio after uninstalling it, then re-installing Netcam Studio.
SSL does not work. I generated p12 certificate using OpenSSL (CA and p12) installed the certificates and followed the instructions from your website, but I cannot see the video stream on a webpage when I specify https as the source (my website does have SSL certificate as well just to be sure).
Any way to fix this issue? Does the extension of the personal information exchange needs to be pfx or extension ‘p12’ is just as good?
No it has fo be pfx (contains private key as well).
Part of the .bat in the tutorial thread the last part is converting to .pfx just be careful that the password is contained in the command so if you use the example as is it will work only with the default password (which is test if i remember) otherwise the .bat must be adjusted accordingly
p12 contains the private key the only difference is the extension of the file (you export it to xxx.pfx or you export it to xxx.p12)
I used the instructions that you can see in the following URL:
