On Saturday, 30 January 2021 08:30:22 GMT Ralph Corderoy wrote:
> If you don't need to enforce that short 15-minute authorisation time
> then I think Stephen is right that it's easier to configure Apache to
> guard the control page, with your Python knowing nothing about it.
> https://httpd.apache.org/docs/2.4/howto/auth.html
Ralph,
I'm going to use nginx rather than Apache, simply because it is what I used
for the original Audio Guide and Quiz Webserver so I have prior experience
with it. Also it is lightweight which is also a bonus with the RPi and one of
the reasons that I chose it 3-4 years ago.
After the lengthy discussions over this query, I'm fairly comfortable about
the cause of the problem and believe that the risk of a device used by a
member of staff or privileged volunteer falling into the hands of a bad actor
who might exploit this is low enough to be vanishingly small.
Bear in mind that this Webserver has no access from the Internet, other than
via the VPN Server, so any attack will have to be attempted within range of
the the site Wifi. I would think that a casual thief is probably going to head
for his local fence or drug pusher rather than hanging around the WMT trying
to hack into the system.
Thanks for the suggestion though.
--
Terry Coles
--
Next meeting: Online, Jitsi, Tuesday, 2021-02-02 20:00
Check to whom you are replying
Meetings, mailing list, IRC, ... http://dorset.lug.org.uk
New thread, don't hijack: mailto:dorset@mailman.lug.org.uk
