Closed ram1505 closed 7 years ago
Frozenlock
commented
8 years ago Hello,
There isn't any authentification/authorization scheme included in Wacnet for now. Tho this might be added if someone is willing to pay for the development time.
You are right about the object-name and description, they weren't keeping their value. I corrected the bug in the bacure. The change will be included in the next version of Wacnet.
Cheers!
ram1505
commented
8 years ago Hi,I can pay for the development time for the authentication. It would be a very useful feature. Right now, it opens up the entire secured BACnet points accessible to everyone via the Swagger API.
Frozenlock
commented
8 years ago Right now, it opens up the entire secured BACnet points accessible to everyone via the Swagger API.
Indeed it does. For this reason Wacnet should never be exposed to the Internet. (It also exposes much more via the REPL)
I'll check what is the best approach for authentification (such as how deep the account management should be, how client software using the API will deal with it, if we should give 'read-only' access, etc.) and I'll come to you back with an estimate via email.
ram1505
commented
8 years ago Sure. I've sent you an email. You can continue there.
Hi, How I can do the following with Wacnet 1) prevent access to public via xxx.xxx.xxx.xxx:47800. I would like to use some form of password protection here. Can this be done? Does htaccess, httpauth be applied for ports? If so, any idea how to do it?
2) I tried changing the device config information details like description, object-name etc both via the browser interface as well as by editing the configs.clj file. After reboot, it reverts back to the defaults. How to fix this issue?