MySQL Authentication and local Turn Server

[yamaka...@gmail.com]

Hi Guys,

I'm figuring out how to combine MySQL auth with username some password and directly do the same for Turn

For easyRTC itself the MySQL part is kinda understandable but how to combine this part without a username for the same connection the user makes to easyRTC ?

easyrtc.on("getIceConfig", function(connectionObj, callback){
  var myIceServers=[
    {"url":"stun:stun.easyrtc.com:3478"},
    {
      "url":        "turn:turn.easyrtc.com:3478",
      "username":   connectionObj.getUsername(),
      "credential": "345yRTC!"
    }
  ];

  callback(null, myIceServers);
});

I actually have a username in my connect script setUsername, but is it possible to 

When I place this in my server.js after my MySQL Auth for EasyRTC can I also get the password and do I need the username also ? As we only use key for authing a user but we connect using username and key.

Would be great to see some "working" example if possible!

Thanks!

Matt

[Eric Davies]

Ah, some concrete data.

I've yet to see any example ice configurations out there that don't have a user name field. If you've got one that works with webrtc, send it over. 

The clientside of easyrtc will expect to see a username field in turn entries, but it would be a trival edit to change that,  just replace the window.createIceServer function. You can also experiment using the function easyrtc.setIceUsedInCalls.

There probably isn't any checking on the server side.

That's it for the limits of my usefulness :-). Anybody else got more?

[yamaka...@gmail.com]

Hi Eric,

OK, I will do that... but I'm still wondering what exactly happens. You need your Turn Auth with the same credentials as your Stun.

I see connectionObj.getUsername() gets the username from it's stun connection ? so the same should be possible for the password and check that again against the same MySql Database as you use for stun.


[Eric Davies]

Never seen STUN with a username or password. Doesn't need it because STUN is very light weight, a few packets at the beginning of a connection.

[yamaka...@gmail.com]

But for resticting the usage of your stun server you need to if you ask me ?

And doesn't stun need a username to know to connect to who ?


Another question I ask myself at the moment is do we want to run our own TURN servers as the traffic is very high over them, client <-> client connection is the nice advantage of webrtc, but when the firewall block it, you need it. And when using public TURN servers, screencaptures are easy to make for the persons who provide them, like Google ?

Read this Article about it, it's really the "issue" when providing the service yourself where it's a service people don't pay for: http://www.chriskranky.com/will-turn-impact-deployment-of-webrtc/#comment-5763

[Eric Davies]

There are battles worth fighting, and battles that aren't.

Restricting the use of  your STUN server falls under the second category.

Nobody cares about a few packets now and then.

TURN server is an entirely different beast. Very heavy load.

WebRTC has end-to-end encryption, even if your server isn't running SSL. It's part of the spec. The guy with the TURN server just sees encrypted data, and it's just random mush to him.

[yamaka...@gmail.com]

Hi,

OK I understand that but how to Auth using the same username/password for TURN that is also used for STUN ? As this is my basic STUN setup I want to use these credentials on TURN too.

But how ?

[Eric Davies]

See http://easyrtc.com/docs/guides/easyrtc_server_ice.php

You supply ice configuration to the server, the server supplies it to the client.

It's your job to come up with that ice configuration. If you don't know how to produce that ice configuration, then you need to find yourself a programmer.

[yamaka...@gmail.com]

Hi,

I know that but I wonder about passing the password like I described I do the same for the username. All examples are static passwords and not taken from STUN.

Cheers,

Matt