wifi security
Hi,
Is there any security on the wifi server, as in a user name and password? Once you forward the port, it's open to the world.
Thanks
Tony
Re: wifi security
There is a pending implementation in the git repo.
https://github.com/reefangel/Libraries/issues/71
The problem is that if I enable it, it will break all apps we have available.
It has not been tested either.
If you would like to help test it, you are more than welcome to help.
Roberto.
Re: wifi security
Hi,
Thanks
So not even basic http authentication on the webserver?
As in .htaccess files?
Thanks
Tony
Re: wifi security
It's a very basic web server...it's not even a web server per se...it's just an http implementation.
Re: wifi security
This is important to me. Any update on this? A hacker could potentially crash any reefangel controlled tank.
Re: wifi security
There is a branch in github with this implemented, but it would break all the apps we have and it has not been tested.
So, it needs to be tested to make sure it works and we have to change all the apps to work accordingly too.
If you look at the 2nd post in this thread, you will see where the branch is located.
Roberto.
Re: wifi security
I understand. Is it something that is being worked on? As is, it is a potential risk.
rimai wrote:
There is a branch in github with this implemented, but it would break all the apps we have and it has not been tested.
So, it needs to be tested to make sure it works and we have to change all the apps to work accordingly too.
If you look at the 2nd post in this thread, you will see where the branch is located.
Re: wifi security
Yeah, that branch is probably stale already as it had been developed a few updates back, but I can bring it back current. We still need to test though. Last time, there was no interest from anyone to test it.
Roberto.
Re: wifi security
I don't really see this as a big deal..
Set a portalkey if you're worried and restrict access to reefangel.com on your router.
Then someone would have to break into roberto's server and know your portalkey.
Implementing some other authentication doesn't really help IMO.
Re: wifi security
I am happy to help test.
Inevo - not sure what you mean. I did set a portal key. However, you can still get to http://myipaddress:2000/wifi
I actually changed the port also.
If I restrict access to just reefangel.com then I cannot get to it from my phone, work pc, etc..
Re: wifi security
You may still be able to get to it, but without putting the key into the URL you should not be able to execute any commands...
If you restrict it you would increase the security...
The old iphone app used to have an option to relay commands through the portal for this exact situation... and maybe the android has it too where the portal would forward the command from the phone.... you might even be able to hack that functionality by changing the URL to the portal URL with all the arguments required. Curt would have to advise if that's possible...
Re: wifi security
Having the Android app forward a command through the portal is not currently possible. I would have to look into how that could work. The best option would be for me to implement the portal key ability and then we would not have to worry about it. Well.... unless you wanted to lock down communication to only come from the portal.
Guess I will need to take a look at how that can be done... the relaying of commands. Of course, Roberto will probably chime in on how that is possible.
Sent from my Nexus 7
Re: wifi security
I think the patch I made a while ago would use the portal key in the controller too.
I need to revisit it to bring it back to current.
So, every request to the webserver would have to include the key.
For example:
http://ipaddress:2000/r99&key=myportalkey
If the key wasn't included, the command would be ignored.
Roberto.
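A sketch of the per-request key check described in the post above, as an added example; it is not the Reef Angel library's code or the patch in the linked issue. The function names, the request-line parsing and the choice to reject everything when no key is configured are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constant-time compare: timing must not reveal how much of a guess matched. */
static int ct_equal(const char *a, size_t alen, const char *b, size_t blen)
{
    unsigned char diff = (unsigned char)(alen != blen);
    size_t i;
    for (i = 0; i < blen; i++) {
        unsigned char ca = (i < alen) ? (unsigned char)a[i] : 0;
        diff |= (unsigned char)(ca ^ (unsigned char)b[i]);
    }
    return diff == 0;
}

/* Returns 1 only if the request target carries "&key=<portal_key>". */
int request_authorized(const char *request_line, const char *portal_key)
{
    const char *path, *end, *p;
    size_t keylen = strlen(portal_key);

    if (keylen == 0) return 0;              /* assumption: no key set = fail closed */
    if (strncmp(request_line, "GET ", 4) != 0) return 0;
    path = request_line + 4;
    end = path + strcspn(path, " \r\n");    /* end of the request target */

    for (p = path; p + 5 <= end; p++) {
        if (memcmp(p, "&key=", 5) == 0) {
            const char *val = p + 5;
            size_t vlen = 0;
            while (val + vlen < end && val[vlen] != '&') vlen++;
            return ct_equal(val, vlen, portal_key, keylen);
        }
    }
    return 0;                               /* key missing: command is ignored */
}

int main(void)
{
    /* Constructed request lines, modelled on the URL form in the post. */
    const char *reqs[] = { "GET /r99&key=myportalkey HTTP/1.1",
                           "GET /r99&key=wrongkey HTTP/1.1",
                           "GET /r99 HTTP/1.1" };
    size_t i;
    for (i = 0; i < 3; i++)
        printf("%-40s -> %s\n", reqs[i],
               request_authorized(reqs[i], "myportalkey") ? "run" : "ignore");
    return 0;
}
```

The key still travels in clear text inside the URL, so a check like this complements restricting who can reach the port rather than replacing it.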
Re: wifi security
I am still not satisfied with RA security.
It should at least support SSL, and then perform user authentication over SSL.
Generally the motivation to harm someone should be low; but we cannot ignore the possibility of some anti-social people. If someone intends to cause harm to someone or the family, obtain the key (e.g. via network sniffing) and try to overheat the devices by overloading it over and over, causing fire sparks and fire; or cause flooding and hopefully if the wiring is not well designed, it will cause short-circuit by salt-water (marine tank).
Re: wifi security
Hi,
I was also not happy with this. So my solution to secure the access is like this: First, I restrict port 2000 to my local network only. So only at home I can control the RA with the app. For secure remote access, I use connectbot for Android to login at home with a secure SSH connection and portforward 2000 to the RA (no root required!). In the RA app I use the "away" profile for this with address localhost:2000.
One can set up connectbot with a private key file, so connecting with my home network is just one click.
cheers,
Christian
Re: wifi security
SSL should not be in play here at all. There is no data here we are trying to protect like credit card or personal data. The only thing that is needed is a better authentication so that the RA cannot be controlled by unauthorized access. Personally I think the portal key is sufficient for this, but obviously more can be done. This is an arduino device. If you want SSL you are welcome to try and implement it. But there's a lot of crypto and effort that would be required. The most effective thing to do would be as wtibib said and lock down who can access port 2000 on your network and access your network via some type of secure VPN. The outbound connection to update the portal for monitoring does not require inbound access.