Page 1 of 3 123 LastLast
Results 1 to 10 of 27

Thread: How secure can my webpage be.

  1. #1
    Join Date
    Dec 2008
    Location
    USA
    Beans
    524
    Distro
    Ubuntu 12.04 Precise Pangolin

    How secure can my webpage be.

    i saw this link about using a raspberry pi to open your garage.
    http://www.instructables.com/id/Rasp...e-Door-Opener/

    so with that in mind, I would want a public webpage that can open my house to be quite secure.
    Is there a better way that an old school usernameassword?

    Can I use a public key method, like my ssh, to authenticate a webpage?
    I don' really like coffee. I guess I'll give my Ubuntu beans to my wife.

    Luke

  2. #2
    Join Date
    Jun 2011
    Beans
    357

    Re: How secure can my webpage be.

    If you want the ability to open your house to be secure, then I would suggest not putting a method for opening your house on-line. Certainly not with a user-name and password. You could set up some sort of key method (a key is basically a long password). But I really don't think this is a good idea.

  3. #3
    Join Date
    Oct 2009
    Beans
    Hidden!
    Distro
    Ubuntu 16.04 Xenial Xerus

    Re: How secure can my webpage be.

    Quote Originally Posted by thnewguy View Post
    If you want the ability to open your house to be secure, then I would suggest not putting a method for opening your house on-line. Certainly not with a user-name and password. You could set up some sort of key method (a key is basically a long password). But I really don't think this is a good idea.
    This. Even if the machine is only accessible via your wifi network, it could still be a security risk.

    The same can be said for garage door openers that use radio frequencies, but only you will know when convenience is more important than security.
    Come to #ubuntuforums! We have cookies! | Basic Ubuntu Security Guide

    Tomorrow's an illusion and yesterday's a dream, today is a solution...

  4. #4
    Join Date
    Apr 2012
    Beans
    152
    Distro
    Xubuntu 12.04 Precise Pangolin

    Re: How secure can my webpage be.

    That will always be the problem with security online. More people have access to it. And to mess with it. Nothing is perfectly safe in this world, Period. passwords can help, and having the page not accessible by basic search engines would help too. (Though if someone found it through say something like the Deep net, odds are they know a bit more about computers). So there are a few things you can do...

    But think about it this way, without internet, there are still people that break into houses, you can have a moat, a draw bridge, and the key in three parts, it is still possible to break in. (Though with such security, it is very unlikely). The more ways you have to get in your house, the more ways it can be exploited. Having less ways to access your house, means less of a guessing game when someone does break in. More chances they have to play to your game.

    So no, there is not perfectly secure way to do it, but if you are going to do it, do things to help your security, passwords are not super great, especially because they have to go somewhere. Encryption methods can help this, like SSL... But we have seen what just happened with the Heartbleed bug. Heck, it at this point probably would be safer just to do a RadioWave, a Signal not used often on a switch, can it be copied? Yes! Can someone by mistake come about such a frequency? Yes! Will it happen? Maybe, maybe not. Is it more secure than allowing it to be found than say the internet? Probably, but it might not be too.
    Proverbs 14:15

    The simple believeth every word: but the prudent man looketh well to his going.

  5. #5
    Join Date
    Nov 2011
    Beans
    2,336
    Distro
    Ubuntu

    Re: How secure can my webpage be.

    Gotta ask: Why do you want to put up a page on a public web site to click on something that unlocks your house?

    Why not wait until you get home?

  6. #6
    Join Date
    Nov 2013
    Location
    On the edge
    Beans
    861
    Distro
    Ubuntu

    Re: How secure can my webpage be.

    *sigh*

    It is supposed to be the Internet of Things after all, I suspect we should all just suck it up and deal with it

    That being said, please understand in great depths all things about ssh or web portals or whatever you use to interface with your garage door. The fastest route to failure is to go with the defaults and not understand how it really works. Because I guarantee eventually someone malicious will find it that understands it very well.

    Think about the best case and the worst case. I guess best case is your wife is locked out, you can let her in remotely and save the day. Worst case is you're on vacation and a script kiddie brute forces your password and manages to open the door. It sits open for days until you return to a house with no furniture inhabited by two families of raccoons and a rabid squirrel. If the risk is worth it then go for it.
    Knock knock.
    Race condition.
    Who's there?

  7. #7
    Join Date
    Jun 2009
    Location
    0:0:0:0:0:0:0:1
    Beans
    4,711
    Distro
    Xubuntu

    Re: How secure can my webpage be.

    why not run the script to open the door via ssh?
    you could simple use a desktop launcher that runs a script via ssh using your ssh key
    just throw this in a launcher
    Code:
    ssh pi@raspberrypi.local "/path/to/script.py"
    i think you will need to be root to operate the GIOP, so keep that in mind
    Laptop: ASUS A54C-NB91 (Storage: WD3200BEKT + MKNSSDCR60GB-DX); Desktop: Custom Build - Images included; rPi Server
    Putting your Networked Printer's scanner software to shame PHP Scanner Server
    I frequently edit my post when I have the last post

  8. #8
    Join Date
    Dec 2008
    Location
    USA
    Beans
    524
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: How secure can my webpage be.

    I appreciate the security concerns. So lets say the website is internal only no forwarded ports yada yada.
    I'd still like to know if I can have the equivalent of an public key security on a website.

    I thought about a script via ssh, but this is incomprehensible for my wife.
    I don' really like coffee. I guess I'll give my Ubuntu beans to my wife.

    Luke

  9. #9
    Join Date
    Jun 2009
    Location
    0:0:0:0:0:0:0:1
    Beans
    4,711
    Distro
    Xubuntu

    Re: How secure can my webpage be.

    that is why you give her a desktop launcher (as in a icon on her desktop) to call the script
    if it is using only your wifi and you have WPA-ASE encryption a basic page will be safe, assuming www-data has permission to run the script to open the door
    Laptop: ASUS A54C-NB91 (Storage: WD3200BEKT + MKNSSDCR60GB-DX); Desktop: Custom Build - Images included; rPi Server
    Putting your Networked Printer's scanner software to shame PHP Scanner Server
    I frequently edit my post when I have the last post

  10. #10
    Join Date
    Oct 2009
    Beans
    Hidden!
    Distro
    Ubuntu 16.04 Xenial Xerus

    Re: How secure can my webpage be.

    Quote Originally Posted by pqwoerituytrueiwoq View Post
    that is why you give her a desktop launcher (as in a icon on her desktop) to call the script
    if it is using only your wifi and you have WPA-ASE encryption a basic page will be safe, assuming www-data has permission to run the script to open the door
    It would be better to just use a passphrase less ssh key and an unprivlaged user set to run the script on login.
    Come to #ubuntuforums! We have cookies! | Basic Ubuntu Security Guide

    Tomorrow's an illusion and yesterday's a dream, today is a solution...

Page 1 of 3 123 LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •