Ticket #463 (closed Feature Request: fixed)
Secure the status page
Reported by: | wichert@… | Owned by: | |
---|---|---|---|
Priority: | low | Milestone: | Not yet assigned to a Milestone |
Component: | Gateway | Version: | |
Keywords: | | Cc: | |
Description
The gateway status page is readable for everyone at the moment. This has several downsides for me:
- it includes all information needed to disconnect a user using the manual disconnect feature I'm implementing. That makes it a security problem.
- I use wifidog in a highly commercial environment and do not want everyone to be able to see how many people are connecting and which IPs/MACs they have. That has both security issues (MAC addresses reveal a lot about the type of machine someone uses for example) and business reasons (the usage figures are confidential).
I have implemented this in the form of three patches:
- restore the authentication functionality which was removed from LibHTTPD in r252
- add authentication configuration logic to the gateway
- protect the status page