
Allow users to automatically create nx-vms:// URLs

Planned

Comments

5 comments

  • Tagir Gadelshin
    • Network Optix team

    Tomasz Polus
    yeah, this is a great idea, thanks!

    When we designed these URLs, we also thought about using them as you suggested, but until now we haven't added them to the UI simply because we had more important features in the queue.

    "Copy URL of this view" sounds like a link to the layout, am I right?
    Also, if we implement those links, they won't contain user authentication information. Only a link to the system and to the layout, which will require the user to log in and then open it (or if credentials are saved, the system will open automatically).

    So, as for me, the main problem from a security and design perspective now is this part of the mentioned article:

    {access_key}: An access key is used in the general format to authenticate the URL and gain access to the system without manually logging in. The access key is placed after "?auth="; without it, the link would just display the “incorrect username/password” error in the client.

    So this needs to be changed: the user must be able to log in, and then the specified action is performed.

    I'll add one more thing: we are planning update mechanism improvements in an upcoming release which will include links to the updates/patches, so you'll simply need to click on the link and the client will be opened with an update ready to be installed. This is mainly for big systems support, but this is one of the examples of URL usage that we plan to release in the near future.

    0
  • Tomasz Polus
    • Authorized Reseller
    • Great answers
    • Conversation starter
    • Idea generator

    Hi Tagir

    "Copy URL of this view" is not necessarily a link to the layout. I'd rather say a link should contain all the resources visible on the screen at the moment when copying the URL of the current view. But if this is problematic, then a link to the layout is also a nice solution.

    I don't see any problem with the auth={access_key} parameter. It is just a base64 representation of the username and password. It is described in the article. So it is very easy to include this in the URL to log in automatically, but also not secure.

    Yes, of course base64 encoding is not a secure solution. It is too easy to "decrypt". Therefore, please consider using some real encryption mechanism. In my opinion, the "Copy URL of this view" option should encrypt the credentials (create a hash) and include the hash in the URL to log in automatically. It should be impossible to decrypt credentials from the URL hash. However, the server should be able to compare the hash from the URL with the hash in the account database and log in automatically if they match.

     

    0
  • Tagir Gadelshin
    • Network Optix team

    Tomasz Polus
    my concern is that the link itself gives access to the system.

    So if anyone finds a link, he can access this system anytime. So link sharing will be equal to sharing credentials, no matter how we encrypt the password in it. That's not a secure solution.

    As for me, it should work like sharing a layout without sharing access to the system. So the authentication will be required anyway.

    Or we need some way of sharing the layout only, so it will be shown somehow without access to the whole system. The same way as you share a file in different cloud solutions (Google Drive or Dropbox). But this sounds too difficult for me. We plan to implement link sharing for the archive, maybe it can be extended to layouts also.


    0
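
An added illustration of the point made in the two comments above (not code from Network Optix or from either poster): a pre-share scrubber that drops the `auth` parameter from an `nx-vms://` link and reports whether its value was only a reversible encoding. The host, path, `layout` parameter and credentials in the sample link are constructed placeholders; only the scheme and the `auth` parameter name come from this thread.

```python
import base64
import binascii
from urllib.parse import parse_qsl, quote, urlencode, urlsplit, urlunsplit

SCHEME = "nx-vms"
AUTH_PARAM = "auth"  # the thread says the access key follows "?auth="

# Constructed sample: placeholder credentials, base64-encoded as the thread describes.
SAMPLE_KEY = base64.b64encode(b"demo-user:demo-password").decode()
SAMPLE = ("nx-vms://nx.example.invalid/client/view"
          f"?auth={quote(SAMPLE_KEY, safe='')}&layout=demo")


def _decodes_to_text(value):
    """Return True if value is valid base64 that decodes to printable text."""
    try:
        padded = value + "=" * (-len(value) % 4)
        text = base64.b64decode(padded, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError, ValueError):
        return False
    return bool(text) and text.isprintable()


def scrub_link(url):
    """Return (safe_url, findings) with every auth parameter removed.

    A finding is recorded for each removed parameter. Any auth value makes
    the link a bearer credential; 'reversible_encoding' additionally flags
    values that anyone holding the link can decode back to text.
    """
    parts = urlsplit(url)
    if parts.scheme.lower() != SCHEME:
        raise ValueError("not an nx-vms:// link")
    kept, findings = [], []
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        if key.lower() == AUTH_PARAM:
            findings.append({"param": key,
                             "reversible_encoding": _decodes_to_text(value)})
        else:
            kept.append((key, value))
    safe = urlunsplit((parts.scheme, parts.netloc, parts.path,
                       urlencode(kept), parts.fragment))
    return safe, findings


if __name__ == "__main__":
    print(scrub_link(SAMPLE))
```

The scrubbed link still identifies the system and view, so the recipient authenticates with their own account, which is the behaviour the last comment above asks for.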
  • Tomasz Polus
    • Authorized Reseller
    • Great answers
    • Conversation starter
    • Idea generator

    Okay Tagir, it sounds reasonable to me, but please try to follow this suggestion below (it is important for me, but I believe it will also be a good solution for most users).

    Currently, when you open the nx-vms:// protocol handler, you open a new Nx application window. So when a user clicks three links, he opens three different Nx app windows. It is annoying in my opinion. Please respect the currently opened Nx application window, just jump inside to the specific resources and specific moment in time (timestamp). Also please respect the currently logged-on cloud user in this Nx app window. So when a cloud user is already logged in, use his account without asking him to re-login. If the currently logged-in cloud user account cannot access those URL resources, then ask to re-login or respond "sorry you have no access to these resources".

    That way, you will not include credentials in the URL, but you still offer the customer a quick way of opening many URLs without having to log in again and again. Seems safe, efficient and very user friendly at the same time.

    What do you think about this idea?

    0
  • Tagir Gadelshin
    • Network Optix team

    Tomasz Polus
    all great! Thanks, Tomasz! UX with those URLs should be like this, I agree

    We will do our best to implement it this way, but we need to investigate if it is feasible or not

    0
