Protect system initialization with a passcode

in #utopian-io, 6 years ago (edited)

When the system is started for the first time, the system administrator has to take note of the randomly generated passwords for the system. This happens using the initialization website (#4 (closed)). That page is currently not protected, so everyone on the network could see the generated passwords. In order to prevent unauthorized users from seeing this sensitive data, the page should be protected with a password.

PASSDORA

Reasons

  • highly valuable data is publicly exposed
  • everyone on the network could see the system's root passwords

New Features

What feature(s) did you add?

Desired order of events:

  1. user opens initialization page
  2. init page prompts for password
  3. password is shown on the device's display
  4. user reads the password off the device
  5. user enters the password on the init page
  6. init page shows the system passwords

How did you implement it/them?

When a user enters the initialization page:

  1. generate an authentication code
  2. show the authentication code on the display
  3. store the authentication code in the user's session
  4. when an authentication code is entered check if it matches the one in the user's session
  5. if it does: the user had access to the device and is (probably) an administrator -> show the initialization page
  6. if it doesn't: tell the user that the code is wrong and allow him to generate a new one

Overview of the commits

The commits are a little overarching on the points, so here's the list of the commits with a little explanation

  • protect initialization page with a code shown on the display [4fa3fd4e]
  • only show "invalid auth_code"-message if it is really invalid, otherwise reset session and generate new code [0fe7b71d]
  • styled init page authentication process [9a03d4a3]

Preview

Login

Wrong passcode

Page displayed after correct passcode:

Thanks for reading
Jan, for PCSG Developers



Posted on Utopian.io - Rewarding Open Source Contributors
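
The code flow from the "How did you implement it/them?" steps, sketched as an added example that is not part of the original post or the project's code. The class and function names, the six-digit code length and the one-guess-per-code rule are assumptions made here; the session is modelled as a plain dict.

```python
import hmac
import secrets

CODE_DIGITS = 6  # assumption: the post does not state the code length


class InitPageGate:
    """Gate for the initialization page (hypothetical names throughout)."""

    def __init__(self, show_on_display):
        # show_on_display: callable that writes text to the device's display
        self.show_on_display = show_on_display

    def start(self, session):
        """Steps 1-3: generate a code, show it on the display, store it in the session."""
        # secrets draws from the OS CSPRNG, so the code cannot be predicted
        code = f"{secrets.randbelow(10 ** CODE_DIGITS):0{CODE_DIGITS}d}"
        session["auth_code"] = code
        session["authenticated"] = False
        self.show_on_display(code)

    def submit(self, session, entered):
        """Steps 4-6: compare the entered code with the one in this session."""
        # pop() consumes the code: every displayed code gets exactly one guess
        # (assumption of this example), which rules out brute-forcing one code.
        expected = session.pop("auth_code", None)
        if expected is None:
            # No pending code (fresh or reset session): issue a new one instead
            # of reporting "invalid", as the second commit describes.
            self.start(session)
            return "new_code"
        # constant-time comparison on bytes; str input could raise on non-ASCII
        if hmac.compare_digest(expected.encode(), entered.strip().encode()):
            session["authenticated"] = True
            return "ok"
        return "invalid"

    def system_passwords(self, session, passwords):
        """Release the generated passwords only to an authenticated session."""
        if not session.get("authenticated"):
            raise PermissionError("authentication code required")
        return passwords
```

Because the code is stored per session, reading it off the display only helps the session that requested it; a second browser on the network submitting the same digits is handed a fresh code instead.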


Thank you for the contribution. It has been approved.

You can contact us on Discord.
[utopian-moderator]

Thank you vladimir! :-)

Hey @vladimir-simovic, I just gave you a tip for your hard work on moderation. Upvote this comment to support the utopian moderators and increase your future rewards!

Hey @pcsg-dev I am @utopian-io. I have just upvoted you!

Achievements

  • You have less than 500 followers. Just gave you a gift to help you succeed!
  • Seems like you contribute quite often. AMAZING!

Community-Driven Witness!

I am the first and only Steem Community-Driven Witness. Participate on Discord. Let's GROW TOGETHER!


Up-vote this comment to grow my power and help Open Source contributions like this one. Want to chat? Join me on Discord https://discord.gg/Pc8HG9x
