[isf-wifidog] protecting the gateway status page
acv
acv at miniguru.ca
Lun 28 Avr 09:42:06 EDT 2008
Did you check the libhttpd authentication code? Libhttpd is full of
fixed buffer horror code so before merging this in, this would have to be
checked.
Alex
On Mon, Apr 28, 2008 at 12:51:13PM +0200, Wichert Akkerman wrote:
> Date: Mon, 28 Apr 2008 12:51:13 +0200
> From: Wichert Akkerman <wichert at wiggy.net>
> To: wifidog at listes.ilesansfil.org
> Mail-Followup-To: wifidog at listes.ilesansfil.org
> Subject: Re: [isf-wifidog] protecting the gateway status page
>
> Previously Wichert Akkerman wrote:
> > The gateway status page is readable for everyone at the moment. This has
> > several downsides for me:
> >
> > - it includes all information needed to disconnect a user using the
> > manual disconnect feature I'm implementing. That makes it a security
> > problem.
> >
> > - I use wifidog in a highly commercial environment (airport lounges at
> > Amsterdam Airport Schiphol) and do not want everyone to be able to see
> > how many people are connecting and which IPs/MACs they have. That
> > has both security issues (MAC addresses reveal a lot about the type of
> > machine someone uses for example) and bussiness reasons (the usage
> > figures are confidential).
> >
> > I intend to add optional HTTP authentication to the status page.
> > LibHTTPD provides that option so it should be a simple change.
>
> I've implemented and tested this: http://dev.wifidog.org/ticket/463
>
> Wichert.
>
> --
> Wichert Akkerman <wichert at wiggy.net> It is simple to make things.
> http://www.wiggy.net/ It is hard to make things simple.
> _______________________________________________
> WiFiDog mailing list
> WiFiDog at listes.ilesansfil.org
> http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog
-------------- section suivante --------------
Une pièce jointe non texte a été nettoyée...
Nom: non disponible
Type: application/pgp-signature
Taille: 187 octets
Desc: non disponible
Url: http://listes.ilesansfil.org/pipermail/wifidog/attachments/20080428/fcbb6130/attachment.pgp
Plus d'informations sur la liste de diffusion WiFiDog