Secure Remote Auth
I have an Enigma2 box and I need to use OpenWebIf remotely, but I've seen that the only prevention method I can use is Basic HTTP Auth, which is too vulnerable. Is there a way to secure OpenWebIf when it is exposed on the internet?
Thanks.
No, I guess it cannot be changed easily.
Are you thinking of digest authentication? The problem is that the user credentials are checked against the Linux OS passwords, which are stored as salted hashes (usually sha512). So there is no way to fulfill the challenge response without knowing the plaintext password on the receiver.
The best protection IMO is to use HTTPS. That way browser-server-communication is encrypted and even the simple Basic Auth Headers can't be read out in the middle.
And seriously: don't ever expose your box to the internet, use a tunnel/VPN!
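
The point made in the reply above about digest authentication and salted hashes, as an added example that is not part of the original thread and is not OpenWebif code. It assumes PBKDF2-SHA512 as a stand-in for the OS's salted sha512 entry, a realm named `OpenWebif`, and constructed credentials; the digest formula is the RFC 2617 one without `qop`.

```python
import base64
import hashlib
import hmac
import os

def salted_hash(password: str, salt: bytes) -> bytes:
    # Stand-in (assumption) for the OS's salted sha512 entry: one-way and salted.
    return hashlib.pbkdf2_hmac("sha512", password.encode(), salt, 5000)

def md5_hex(text: str) -> str:
    return hashlib.md5(text.encode()).hexdigest()

def verify_basic(header: str, user: str, salt: bytes, stored: bytes) -> bool:
    # Basic carries base64(user:password): the server receives the plaintext,
    # so it can re-hash it with the stored salt and compare.
    scheme, _, b64 = header.partition(" ")
    if scheme != "Basic":
        return False
    try:
        sent_user, _, sent_pw = base64.b64decode(b64).decode().partition(":")
    except ValueError:
        return False
    same_hash = hmac.compare_digest(salted_hash(sent_pw, salt), stored)
    return sent_user == user and same_hash

def ha1(user: str, realm: str, secret: str) -> str:
    return md5_hex(f"{user}:{realm}:{secret}")

def digest_response(ha1_hex: str, nonce: str, method: str, uri: str) -> str:
    # RFC 2617 (no qop): response = MD5(HA1:nonce:MD5(method:uri))
    return md5_hex(f"{ha1_hex}:{nonce}:{md5_hex(f'{method}:{uri}')}")

def demo() -> tuple:
    # Constructed sample values; the realm name is an assumption.
    user, realm, password = "root", "OpenWebif", "constructed-pw"
    salt = os.urandom(16)
    stored = salted_hash(password, salt)  # all the receiver keeps
    header = "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()
    basic_ok = verify_basic(header, user, salt, stored)
    # Digest: the client derives HA1 from the plaintext password.
    nonce = os.urandom(8).hex()
    client = digest_response(ha1(user, realm, password), nonce, "GET", "/")
    # The server holds only the salted hash; using it in place of the password
    # yields a different HA1, so the expected response never matches.
    server = digest_response(ha1(user, realm, stored.hex()), nonce, "GET", "/")
    return basic_ok, hmac.compare_digest(client, server)

if __name__ == "__main__":
    print(demo())  # (Basic verified?, Digest verified?)
```

The Basic header is only base64, which is why the reply recommends HTTPS or a tunnel/VPN around it.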