atmosx wrote: I don't write code in Python, but this application seems very similar to Ruby's Sinatra, so it's pretty damn easy to add authentication (plaintext or sha1-ed). However, I use iptables and OpenVPN. The interface is accessible via OpenVPN only, works fine.
Well, in theory, it would be trivial to add password authentication. However, it would be a bad idea without first adding SSL (since all passwords will be sent in plain text). The bottom line is that a false sense of security is worse than no security.
I think the most proper solution would be to either add proper SSL support, which the most recent versions of Gunicorn now support (but I'm not sure how it will behave on the RasPi), or simply lock the web interface to only accept connections from a certain IP (or IPs).
I'm more inclined towards the latter solution, since it is more secure as the former solution is exposed to MiTM attacks.
Creator of Screenly (Screenly.io), the leading digital signage solution for the Raspberry Pi. Now hacking on WoTT (github.com/WoTTsecurity/agent),
Twitter: @vpetersson | vpetersson.com
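The two controls discussed in the reply above (restricting the web interface to a set of source addresses, and refusing to accept a password over a non-TLS connection) as an added example in plain WSGI, not code from Screenly or from the poster. It is a middleware that can wrap any WSGI app served by Gunicorn; the allowed network (10.8.0.0/24, a typical OpenVPN tunnel range), the salt, the user name and the password are constructed illustrative values, and the `request` helper drives the app with a hand-built environ so the block runs offline:

```python
"""WSGI middleware: source-IP allow-list plus HTTP Basic auth that is only
honoured over TLS.  Added example; assumes a plain WSGI app behind Gunicorn."""
import base64
import hashlib
import hmac
import ipaddress

# Assumption: the OpenVPN tunnel network and localhost are the only clients.
ALLOWED_NETS = [
    ipaddress.ip_network("10.8.0.0/24"),
    ipaddress.ip_network("127.0.0.1/32"),
]

# Assumption: one user, password stored as a salted SHA-256 digest rather than
# plaintext.  Salt and password are illustrative values.
_SALT = b"example-salt"
USERS = {"admin": hashlib.sha256(_SALT + b"correct horse").hexdigest()}


def check_password(user, password):
    """Constant-time comparison of the salted digest of the supplied password."""
    expected = USERS.get(user)
    if expected is None:
        return False
    digest = hashlib.sha256(_SALT + password.encode()).hexdigest()
    return hmac.compare_digest(digest, expected)


def client_allowed(remote_addr):
    """True if REMOTE_ADDR parses as an IP inside one of ALLOWED_NETS."""
    try:
        ip = ipaddress.ip_address(remote_addr)
    except ValueError:
        return False
    return any(ip in net for net in ALLOWED_NETS)


def parse_basic_auth(header):
    """Return (user, password) from an 'Authorization: Basic ...' header, else None."""
    if not header or not header.startswith("Basic "):
        return None
    try:
        decoded = base64.b64decode(header[6:], validate=True).decode()
    except (ValueError, UnicodeDecodeError):
        return None
    user, sep, password = decoded.partition(":")
    return (user, password) if sep else None


class GuardMiddleware:
    def __init__(self, app, require_tls=True):
        self.app = app
        self.require_tls = require_tls

    def __call__(self, environ, start_response):
        if not client_allowed(environ.get("REMOTE_ADDR", "")):
            start_response("403 Forbidden", [("Content-Type", "text/plain")])
            return [b"forbidden\n"]
        # Refuse to even look at credentials unless the request came in over TLS;
        # Gunicorn sets wsgi.url_scheme to "https" when started with --certfile/--keyfile.
        if self.require_tls and environ.get("wsgi.url_scheme") != "https":
            start_response("403 Forbidden", [("Content-Type", "text/plain")])
            return [b"TLS required\n"]
        creds = parse_basic_auth(environ.get("HTTP_AUTHORIZATION"))
        if creds is None or not check_password(*creds):
            start_response("401 Unauthorized", [
                ("WWW-Authenticate", 'Basic realm="signage"'),
                ("Content-Type", "text/plain"),
            ])
            return [b"unauthorized\n"]
        return self.app(environ, start_response)


def hello_app(environ, start_response):
    """Stand-in for the real web interface."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"ok\n"]


guarded = GuardMiddleware(hello_app)


def request(app, remote_addr, scheme, auth=None):
    """Drive a WSGI app with a constructed environ; return the status line."""
    environ = {
        "REQUEST_METHOD": "GET",
        "PATH_INFO": "/",
        "REMOTE_ADDR": remote_addr,
        "wsgi.url_scheme": scheme,
    }
    if auth is not None:
        environ["HTTP_AUTHORIZATION"] = "Basic " + base64.b64encode(auth.encode()).decode()
    status = []

    def start_response(s, headers, exc_info=None):
        status.append(s)

    b"".join(app(environ, start_response))
    return status[0]


if __name__ == "__main__":
    print(request(guarded, "192.0.2.5", "https", "admin:correct horse"))  # off-VPN source
    print(request(guarded, "10.8.0.2", "http", "admin:correct horse"))    # cleartext
    print(request(guarded, "10.8.0.2", "https", "admin:correct horse"))   # accepted
```

Run under Gunicorn as `gunicorn --certfile cert.pem --keyfile key.pem module:guarded`; the `wsgi.url_scheme` check only sees `https` when Gunicorn itself terminates TLS, so behind a separate TLS-terminating proxy you would instead trust the proxy's forwarded-protocol header and keep the IP allow-list pointed at the proxy. The IP check is a second layer, not a replacement for the iptables rules the poster mentions, since a packet filter drops unwanted connections before they reach the application at all.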