Basically, how do you go about authenticating a user and keep someone from getting into an embedded web server w/o permission?
Here is the situation: I have an embedded HTTP server (no HTTPS) running basic HTTP services including cgi. The web pages are HTML with JS and CSS. The user enters a Username and Password which is submitted to the server and authenticated in a lookup on the server. If it matches, the next file is served to the browser. The problem is that everything is in the 'clear'. I have no SSL available. I realize that this is not a very secure system but it does not need to be 100%. However, I would like to make it as secure as possible with the limited capabilities. I have searched and searched for answers but not finding much.
Aucun commentaire:
Enregistrer un commentaire