Open GeeF opened 7 years ago
Can you tell me how to get another activated id beside your own?
Again, maybe I'm getting it wrong. It's just an idea.
I was looking at: https://www.madavi.de/sensor/graph.php?showfloat
Sensors are named e.g. "esp8266-10666457-sds011" where "10666457" is the ID, right?
If it's not, I rest my case :)
The "feinstaub-api" and the server generating these graphics are independent. Not every sensor in the "feinstaub-api" is sending to madavi api. And some of the sensors shown there aren't sending to "feinstaub-api". Even some of the sensors not marked red if they are "known". Example: esp8266-906538 is shown on madavi.de but should be denied by api.luftdaten.info
But there are at least some? Anyway, its a 6 digit ID, you could easily brute force it and generate garbage data. Maybe allow the exchange of a shared secret for 24 hours after activating an ID? That wouldn’t put any more work on the users side.
Maybe I'm missing something, but from what I see, the permission to post data for a specific sensor node is solely based on its id? That could potentially be bad, as you can get ids that are activated pretty easily.