t3monitoring icon indicating copy to clipboard operation
t3monitoring copied to clipboard
verified publisher icon georgringer

Encrypt transfer data

Open realJustmike opened this issue 9 years ago • 5 comments

I think it would be nice to encrypt the data transferred between monitor and clients based on a pre-shared key in the extension-settings like Xavier Perseguers does in his "Central account management":

https://docs.typo3.org/typo3cms/extensions/causal_accounts/AdministratorManual/InstallingExtension/Index.html

realJustmike avatar May 10 '16 12:05 realJustmike

Absolutely, wanna do a pull request?

georgringer avatar May 10 '16 13:05 georgringer

Would we close it in times of HTTPS und free letsencrypt certificates?

christophlehmann avatar Sep 20 '19 06:09 christophlehmann

I would rather force HTTPS usage per setting in EM, what so you think?

christophlehmann avatar Sep 20 '19 06:09 christophlehmann

I don't think, closing this is the best idea. Because having an https connection allows an attacker knowing your secret to get the data fetched. Securing it via a pre shared key or a key pair solution is more secure. I will think about it and do a pull request on this, if I find a solution

calien666 avatar Apr 29 '20 20:04 calien666

Additional encryption is more secure. But the attack vector you described, is easily mitigated by employing a proper IP filter in the extension's settings.

liayn avatar Feb 15 '24 12:02 liayn