Opened 7 years ago
Closed 7 years ago
#652 closed enhancement (fixed)
Console authentication improvements
Reported by: | Roland Häder | Owned by: | zzz |
---|---|---|---|
Priority: | minor | Milestone: | 0.9.4 |
Component: | apps/console | Version: | 0.9 |
Keywords: | Cc: | ||
Parent Tickets: | Sensitive: | no |
Description
Please try to add a feature that allows protection of the router by e.g. HTTP sessions which could prevent third persons (e.g. running the i2p router at a remote server means that the local administrator can access it) or even your family-mates from accessing it.
Subtickets
Change History (8)
comment:1 Changed 7 years ago by
Resolution: | → fixed |
---|---|
Status: | new → closed |
comment:2 Changed 7 years ago by
Component: | router/general → apps/console |
---|
Although it would be nice to get this added to /configui so you don't need advanced config … good noobie project
comment:3 Changed 7 years ago by
The password is stored in clear text in ~/.i2p/router.config, which means no better security. The local admin/family/room mates (="attacker") can read that file. :( Okay, the attacker may shut down the computer manually, remove the hard drive, plug it into another computer and mount it (e.g. to /mnt/), then he can read the password from the said file.
comment:4 Changed 7 years ago by
Or use an external boot medium like CD/USB stick and mount the hard drive as root. …
comment:5 Changed 7 years ago by
Component: | apps/console → other |
---|---|
Resolution: | fixed |
Status: | closed → reopened |
Summary: | Protect i2p router (http://localhost:7657) by login → Encrypt all saved data on harddrive |
Hi
I2P is not a tool to protect data on your harddrive against people with physical access to your system.
With physical access everyone can access your data on your system also, which tells you: they can read your data in I2P folder, too. In this case an encrypted, saved password for console is useless, too.
Nevertheless an encryption for saved data could be useful. But not really of high importance.
Use e.g. TrueCrypt or different tools for file encryption on your harddrive in between.
echelon
comment:6 Changed 7 years ago by
Milestone: | 0.9.1 → 0.9.3 |
---|
I don't know about encrypting everything, but it's a fair suggestion that we at least salt and hash the passwords in the config file.
Right now we do, at least, set almost all saved files to mode 600.
comment:7 Changed 7 years ago by
Component: | other → apps/console |
---|---|
Milestone: | 0.9.3 → 0.9.4 |
Owner: | set to zzz |
Status: | reopened → accepted |
As described in #731 I'm going to try to implement password salting and hashing in 0.9.4.
comment:8 Changed 7 years ago by
Resolution: | → fixed |
---|---|
Status: | accepted → closed |
Summary: | Encrypt all saved data on harddrive → Console authentication improvements |
In 0.9.3-1:
- Console auth changed from basic to digest
- No longer saved as plain text in router.config
- HTTP proxy auth changed from basic to digest
- No longer saved as plain text in i2ptunnel.config
- New console password form on /configui.jsp
Moin
Look into the FAQ; it has been there for a few years.
http://www.i2p2.i2p/faq#remote_webconsole
echelon
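The result listed in comment:8 (digest auth, nothing saved as plain text) together with the mode-600 point from comment:6, as an added example that is not I2P's code: a digest-auth server can verify a login from a stored HA1 hash alone, as defined in RFC 2617. The key name `console.auth.<user>.ha1`, the realm `console`, the user `admin` and all function names are assumptions made for this sketch.

```python
import hashlib, hmac, os, stat

def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def ha1(user, realm, password):
    # What a digest-auth server keeps on disk in place of the clear-text password.
    return md5_hex(f"{user}:{realm}:{password}")

def digest_response(ha1_hex, method, uri, nonce, nc, cnonce, qop="auth"):
    # RFC 2617 response for qop=auth; computed from HA1, never from the password.
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1_hex}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")

def verify(stored_ha1, method, uri, nonce, nc, cnonce, response):
    expected = digest_response(stored_ha1, method, uri, nonce, nc, cnonce)
    return hmac.compare_digest(expected, response)

def write_config(path, user, realm, password):
    # Create the file as 0600 from the start, so it is never briefly world-readable.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as f:
        # Key name is hypothetical, not I2P's real config key.
        f.write(f"console.auth.{user}.ha1={ha1(user, realm, password)}\n")

def is_owner_only(path):
    # True when no group/other permission bits are set (e.g. mode 600).
    return stat.S_IMODE(os.stat(path).st_mode) & 0o077 == 0

def read_ha1(path, user):
    with open(path) as f:
        for line in f:
            key, _, value = line.strip().partition("=")
            if key == f"console.auth.{user}.ha1":
                return value
    return None

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "router.config")
        write_config(path, "admin", "console", "constructed-password")
        stored = read_ha1(path, "admin")
        # Client side: knows the password and derives HA1 itself.
        resp = digest_response(ha1("admin", "console", "constructed-password"),
                               "GET", "/", "n1", "00000001", "c1")
        print("owner-only:", is_owner_only(path),
              "login ok:", verify(stored, "GET", "/", "n1", "00000001", "c1", resp))
```

The stored HA1 is password-equivalent within its realm, since the response is computed from it directly, so the owner-only file mode still matters after the clear-text password is gone.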