On Saturday, 30 January 2021 08:30:22 GMT Ralph Corderoy wrote: > If you don't need to enforce that short 15-minute authorisation time > then I think Stephen is right that it's easier to configure Apache to > guard the control page, with your Python knowing nothing about it. > https://httpd.apache.org/docs/2.4/howto/auth.html
Ralph, I'm going to use nginx rather than Apache, simply because it is what I used for the original Audio Guide and Quiz Webserver so I have prior experience with it. Also it is lightweight which is also a bonus with the RPi and one of the reasons that I chose it 3-4 years ago. After the lengthy discussions over this query, I'm fairly comfortable about the cause of the problem and believe that the risk of a device used by a member of staff or privileged volunteer falling into the hands of a bad actor who might exploit this is low enough to be vanishingly small. Bear in mind that this Webserver has no access from the Internet, other than via the VPN Server, so any attack will have to be attempted within range of the the site Wifi. I would think that a casual thief is probably going to head for his local fence or drug pusher rather than hanging around the WMT trying to hack into the system. Thanks for the suggestion though. -- Terry Coles -- Next meeting: Online, Jitsi, Tuesday, 2021-02-02 20:00 Check to whom you are replying Meetings, mailing list, IRC, ... http://dorset.lug.org.uk New thread, don't hijack: mailto:dorset@mailman.lug.org.uk