The external server can then use those credentials whenever needed to pull videos/images from the recording server(s).
I understand that for a plugin to get officially certified on the Milestone marketplace it has to be reviewed first by Milestone, and I’m wondering if a practice like this may be frowned upon or get rejected outright.
Of course, using configuration related events, the credentials will be POSTed again to the external server whenever they are updated.
Thank you.
@Bo Ellegård Andersen (Milestone Systems) @Peter Posselt Vergmann (Milestone Systems)
We cannot recommend this approach for security reasons. I would still recommend implementing a way for the user to provide it on the external server (e.g. a command line option on the service application that will then store the password in a save manner for the service to read). Alternatively if the external service is running on the same Windows domain as the VMS you can also just configure the account the service will be running under and then log in to XProtect using ‘current user’.
Of course if some sort of strong encryption is used for the transfer of the user name and password the approach you suggest might be viable.