The issue of authentication

A project log for Speed-o-meter

A physical dial showing network usage

alistair-macdonaldAlistair MacDonald 08/12/2014 at 17:000 Comments

Currently the Arduino is connecting directly to the Monowall firewall on port 80 and requesting "/stats.cgi?vr0". This is an endpoint for the Web GUI API to monitor network usage in real time. vr0 is the name in the Interface on the WAN side.

In the HTTP headers we are sending "Authorization: Basic ****************************" where the starts are replaced with "username:password" base 64 encoded. This works well, but the password is as good as in the clear so is a bit of a security issue. Even if we have a secure connection between the firewall and the Speed-o-meter anyone administering the firewall will also be sending the password insecurely.

The solution to this is to use as HTTPS connection to the firewall, but the Arduino is not powerful enough to use HTTPS on its own. Normally I would proxy the request via a server that can connect via HTTPS, and this is what I started to do, but then I decided will look at creating a Monowall plugin. This plugin will either give access to the bandwidth data without authentication or encryption, or perhaps push the data to the Arduino. Watch this space.