[isf-wifidog] protecting the gateway status page
Wichert Akkerman
wichert at wiggy.net
Lun 28 Avr 04:47:38 EDT 2008
The gateway status page is readable for everyone at the moment. This has
several downsides for me:
- it includes all information needed to disconnect a user using the
manual disconnect feature I'm implementing. That makes it a security
problem.
- I use wifidog in a highly commercial environment (airport lounges at
Amsterdam Airport Schiphol) and do not want everyone to be able to see
how many people are connecting and which IPs/MACs they have. That
has both security issues (MAC addresses reveal a lot about the type of
machine someone uses for example) and bussiness reasons (the usage
figures are confidential).
I intend to add optional HTTP authentication to the status page.
LibHTTPD provides that option so it should be a simple change.
Wichert.
--
Wichert Akkerman <wichert at wiggy.net> It is simple to make things.
http://www.wiggy.net/ It is hard to make things simple.
Plus d'informations sur la liste de diffusion WiFiDog