Ticket #463 (closed Feature Request: fixed)

Opened 13 years ago

Last modified 12 years ago

Secure the status page

Reported by: wichert@… Owned by:
Priority: low Milestone: Not yet assigned to a Milestone
Component: Gateway Version:
Keywords: Cc:

Description

The gateway status page is readable for everyone at the moment. This has several downsides for me:

  • it includes all information needed to disconnect a user using the manual disconnect feature I'm implementing. That makes it a security problem.
  • I use wifidog in a highly commercial environment and do not want everyone to be able to see how many people are connecting and which IPs/MACs they have. That has both security issues (MAC addresses reveal a lot about the type of machine someone uses for example) and bussiness reasons (the usage figures are confidential).

I have implemented this in the form of three patches:

  1. restore the authentication functionality which was removed from LibHTTPD in r252
  2. add authentication configuration logic to the gateway
  3. protect the status page

Attachments

Change History

Changed 13 years ago by wichert@…

Changed 12 years ago by wichert

  • status changed from new to closed
  • resolution set to fixed

Fixed in r1368, r1369 and r1370

Note: See TracTickets for help on using tickets.