Hey all, is there any way to use both the login screen for some users and an access list entry for others? I have a server that needs to send web commands to the Webcontrol and I really don't want to embed the login info in the clear so it would be great if I could have that pc entered in the access list and let it skip the login all together.
Use access lists and login screen?
- Thread starter ChubRock1
- Start date
The current setup provides for restricted host AND optional password, not OR. I don't believe there's any way to do what you want.
However, there are ways to obfuscate the user/pass when stored on the server that would stop the average person discovering the plaintext user/pass.
The password is not sent over the wire "in the clear", so if that's your concern - you need not be.
All my webcontrol boards are accessed using user/pass and its been working fine for years.
However, there are ways to obfuscate the user/pass when stored on the server that would stop the average person discovering the plaintext user/pass.
The password is not sent over the wire "in the clear", so if that's your concern - you need not be.
All my webcontrol boards are accessed using user/pass and its been working fine for years.
rossw,
Thanks for the input, can you expand on how you hide the user/pass info? My situation is a bit unique perhaps in that this link (the one I am concerned exposing user/pass info) is really just a weblink on a webpage I use to monitor some stats from my board. I use the weblink to send the command to set OP7 to 1, but so far, I have had to use the http://user
[email protected]... method to get around the login screen. The obvious issue with this is the user and pass are in the clear on the link so anyone that finds the link or looks at the link source can see the info.
I was really hoping the Webcontrol could reference the access list first, then route to login/pass screen if not on the list.
Thanks for the input, can you expand on how you hide the user/pass info? My situation is a bit unique perhaps in that this link (the one I am concerned exposing user/pass info) is really just a weblink on a webpage I use to monitor some stats from my board. I use the weblink to send the command to set OP7 to 1, but so far, I have had to use the http://user
[email protected]... method to get around the login screen. The obvious issue with this is the user and pass are in the clear on the link so anyone that finds the link or looks at the link source can see the info.I was really hoping the Webcontrol could reference the access list first, then route to login/pass screen if not on the list.
CAI_Support
Senior Member
Chub,
If you could write your own code on your server to access the WebControl, you could have encrypted userassword in your code to send to WebControl.
It is same way as accessing ISY99, you can access all thoseWebControl I/O, VAR by sending in the same HTTP request AUTHENTICATIOM BASIC: then encrypted string.
In our later firmware from 3.02.16x, we have a WEBSET feature, which does use encrypted userassword to set another board I/O or VAR.
You can do a TCP capture to see what having been send over, and do the same on your server.
If you could write your own code on your server to access the WebControl, you could have encrypted user
assword in your code to send to WebControl.It is same way as accessing ISY99, you can access all thoseWebControl I/O, VAR by sending in the same HTTP request AUTHENTICATIOM BASIC: then encrypted string.
In our later firmware from 3.02.16x, we have a WEBSET feature, which does use encrypted user
assword to set another board I/O or VAR.You can do a TCP capture to see what having been send over, and do the same on your server.
Similar threads
