Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

WebUI server url should include username and password #109

Open
ZJvandeWeg opened this issue Jun 13, 2023 · 1 comment
Open

WebUI server url should include username and password #109

ZJvandeWeg opened this issue Jun 13, 2023 · 1 comment
Labels
task A piece of work that isn't necessarily tied to a specific Epic or Story.

Comments

@ZJvandeWeg
Copy link
Member

Description

When starting the device agent, the logs show a line like: Web UI Server now listening at http://127.0.0.1:1879.

As the agent knows the username and password it should have been http://<user>:<password>@127.0.01:1879 for better usability

Epic/Story

No response
@ZJvandeWeg ZJvandeWeg added the task A piece of work that isn't necessarily tied to a specific Epic or Story. label Jun 13, 2023
@Steve-Mcl
Copy link
Contributor

In the first iteration of the Web UI, the user name and password are not displayed as a security measure.

Thinking in terms of an off the shelf device or an admin prepared image, displaying the username and password are attack vectors for a bad actor to capture and use to deploy their own image to the device agent.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
task A piece of work that isn't necessarily tied to a specific Epic or Story.
Projects
☁️ Product Planning
Status: No status
Milestone
No milestone
Development

No branches or pull requests
2 participants
@ZJvandeWeg @Steve-Mcl