
Admin interface uses http

Open edwinsteele opened this issue 9 years ago • 4 comments

Admin credentials pass over cleartext, which is bad. We'll probably have to self-sign a certificate, which means that admin connections will get certificate warnings (perhaps there's another way?)

edwinsteele, Dec 11 '16 05:12

While passing credentials as clear text is indeed undesirable, I think all the browser warnings that people are going to get with a self-signed cert are going to be worse. From my experience, end users seem to freak out about that all the time and the browsers don't help with their sensationalist and dramatic screens warning people that a self-signed cert is being used. Could we do some basic XOR-type math on the password to obfuscate it on the client side before we pass it over? Nothing complex or that couldn't be broken easily by someone who can read our source code but enough to keep the password from being passed around as plain text and open.

GeoDirk, Jan 04 '17 17:01

I was just browsing through the issue list and thought I could add something to this discussion. You could use digest authentication, which only sends a hash of the password across the network. For Apache, see here: http://httpd.apache.org/docs/2.2/mod/mod_auth_digest.xml It's certainly not as good as a certificate, but better than plain text and won't scare the user as a self-signed cert would.

khoran, Feb 15 '18 22:02
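
Added example, not code from this thread's participants or from the ConnectBox project: it compares what a network observer sees under the client-side XOR idea and under HTTP digest authentication (RFC 2617, `qop=auth`). The key `JS_KEY` is hypothetical, and the username, realm, password and nonce are the constructed sample values from the RFC's own worked example.

```python
import hashlib
from itertools import cycle


def md5_hex(text: str) -> str:
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def xor_obfuscate(data: bytes, key: bytes) -> bytes:
    """XOR with a repeating key; applying it twice restores the input."""
    return bytes(b ^ k for b, k in zip(data, cycle(key)))


def digest_response(username, realm, password, method, uri,
                    nonce, nc, cnonce, qop="auth"):
    """RFC 2617 response value sent by the client instead of the password."""
    ha1 = md5_hex(f"{username}:{realm}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


# Constructed sample values (assumptions, not ConnectBox settings).
JS_KEY = b"connectbox"        # hypothetical key shipped in client-side script
PASSWORD = "Circle Of Life"   # sample password from the RFC 2617 example


def demo():
    # XOR: the key is public (it is in the page source), so the bytes on
    # the wire decode straight back to the password.
    on_wire = xor_obfuscate(PASSWORD.encode(), JS_KEY)
    recovered = xor_obfuscate(on_wire, JS_KEY).decode()

    # Digest: the wire value is a hash bound to a server-issued nonce, so
    # it changes whenever the server issues a new nonce.
    common = dict(username="Mufasa", realm="testrealm@host.com",
                  password=PASSWORD, method="GET", uri="/dir/index.html",
                  nc="00000001", cnonce="0a4f113b")
    first = digest_response(nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", **common)
    second = digest_response(nonce="a-fresh-server-nonce", **common)
    return recovered, first, second


if __name__ == "__main__":
    recovered, first, second = demo()
    print("XOR wire value decodes to:", recovered)
    print("digest response, nonce 1: ", first)
    print("digest response, nonce 2: ", second)
```

Digest authentication protects only the password exchange: the admin pages and any later requests still travel unencrypted over HTTP, and the scheme shown relies on MD5.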

There are a few free certificate authorities now. Do HTTPS with the warnings. Generate a self-signed one and have a wizard to do a properly signed certificate later. This is for admin. The admin should know about these warnings and once it is added it shouldn't bug the admin very often.

glowingwire, May 07 '18 23:05

Encouraging an end user to progress through a certificate prompt is a bad idea in my experience, as it breeds the viewpoint of "it was OK last time".

In the absence of a trusted certificate, a better option would be to SSH port forward the HTTP port. This would allow the administrator to exchange their credentials without negatively impacting the user. It should also be possible without any particular changes (I believe I read SSH was already available in the image).

Just a thought.

joncojonathan, Dec 07 '19 16:12