Re: [Dorset] Problem using Chromium to log in to Web Page Secured with flask-httpauth

2021-01-30 Thread Ralph Corderoy
Hi Terry,

> > - Does the whole site require authentication?
>
> No.  Only the Control Page.
>
> > - Are the users who need to authenticate a handful so they can be
> >   educated in responding to the browser's login prompt?
>
> Yes.  A very slack handful.  :-)  Probably no more than half a dozen.
>
> > - Do the users share devices provided at the site?
>
> No they use their own.
>
> > - How long should a ‘login’ last?
>
> Probably only 10 to 15 Minutes.

If you don't need to enforce that short 15-minute authorisation time
then I think Stephen is right that it's easier to configure Apache to
guard the control page, with your Python knowing nothing about it.
https://httpd.apache.org/docs/2.4/howto/auth.html

-- 
Cheers, Ralph.

-- 
  Next meeting: Online, Jitsi, Tuesday, 2021-02-02 20:00
  Check to whom you are replying
  Meetings, mailing list, IRC, ...  http://dorset.lug.org.uk
  New thread, don't hijack:  mailto:dorset@mailman.lug.org.uk


Re: [Dorset] Problem using Chromium to log in to Web Page Secured with flask-httpauth

2021-01-30 Thread Terry Coles
On Saturday, 30 January 2021 08:30:22 GMT Ralph Corderoy wrote:
> If you don't need to enforce that short 15-minute authorisation time
> then I think Stephen is right that it's easier to configure Apache to
> guard the control page, with your Python knowing nothing about it.
> https://httpd.apache.org/docs/2.4/howto/auth.html

Ralph,

I'm going to use nginx rather than Apache, simply because it is what I used 
for the original Audio Guide and Quiz Webserver so I have prior experience 
with it.  Also it is lightweight which is also a bonus with the RPi and one of 
the reasons that I chose it 3-4 years ago.

After the lengthy discussions over this query, I'm fairly comfortable about 
the cause of the problem and believe that the risk of a device used by a 
member of staff or privileged volunteer falling into the hands of a bad actor 
who might exploit this is low enough to be vanishingly small.

Bear in mind that this Webserver has no access from the Internet, other than 
via the VPN Server, so any attack will have to be attempted within range of 
the site Wifi.  I would think that a casual thief is probably going to head 
for his local fence or drug pusher rather than hanging around the WMT trying 
to hack into the system.

Thanks for the suggestion though.

-- 
Terry Coles





Re: [Dorset] Problem using Chromium to log in to Web Page Secured with flask-httpauth

2021-01-30 Thread Stephen Wolff

Hi Terry,

> I'm going to use nginx rather than Apache, simply because it is what I
> used for the original Audio Guide and Quiz Webserver so I have prior
> experience with it.  Also it is lightweight which is also a bonus with
> the RPi and one of the reasons that I chose it 3-4 years ago.


You can do it with nginx as well - and it’s as simple as with Apache:

 - https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-http-basic-authentication/


But as you say, your system is pretty low-risk to hacking, so maybe no 
point.


Cheers,

Stephen
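To show what Stephen's nginx route looks like in practice, here is an added example (not configuration from the thread) that guards only the Control Page in front of the Flask app, so the Python code knows nothing about authentication. It assumes Flask listens on 127.0.0.1:5000, the Control Page is served under /control, and the password file is /etc/nginx/.htpasswd (created with `htpasswd -c /etc/nginx/.htpasswd <user>` from apache2-utils, as the linked nginx guide describes).

```nginx
# Added example, not from the thread. Assumed paths and ports:
#   Flask app:      127.0.0.1:5000
#   Control Page:   /control (and anything beneath it)
#   Password file:  /etc/nginx/.htpasswd
server {
    listen 80;
    server_name _;

    # Everything else (Audio Guide, Quiz pages) stays open: no auth_basic here.
    location / {
        proxy_pass http://127.0.0.1:5000;
        proxy_set_header Host $host;
    }

    # Only the Control Page is guarded. nginx issues the 401 challenge and
    # checks the credentials; Flask never sees a login prompt or a password.
    location /control {
        auth_basic "Control Page";
        auth_basic_user_file /etc/nginx/.htpasswd;
        proxy_pass http://127.0.0.1:5000;
        proxy_set_header Host $host;
    }

    # Two caveats that matter for this thread:
    #  - HTTP Basic Auth has no expiry. The browser caches the credentials and
    #    resends them on every request until it is closed (the same
    #    'remembered' effect seen with Chromium), so this does not give the
    #    10-15 minute login Terry asked about.
    #  - The credentials travel base64-encoded, not encrypted, on every
    #    request. On a Wi-Fi that is not fully trusted, serve this over TLS
    #    (listen 443 ssl with a certificate) rather than plain port 80.
}
```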


Re: [Dorset] Problem using Chromium to log in to Web Page Secured with flask-httpauth

2021-01-30 Thread Terry Coles
On Saturday, 30 January 2021 09:46:59 GMT Stephen Wolff wrote:
> You can do it with nginx as well - and it’s as simple as with Apache:
> 
>   -
> https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-http-> 
> basic-authentication/
> 
> But as you say, your system is pretty low-risk to hacking, so maybe no
> point.

Stephen,

Thanks for that.  It might come in useful one day.

A query for both you and Ralph:  Do these techniques somehow prevent the same 
behaviour as was occurring with Chromium, where logins were being 'remembered' 
across sessions?

-- 
Terry Coles





Re: [Dorset] Problem using Chromium to log in to Web Page Secured with flask-httpauth

2021-01-30 Thread Stephen Wolff
> A query for both you and Ralph:  Do these techniques somehow prevent
> the same behaviour as was occurring with Chromium, where logins were
> being 'remembered' across sessions?


I think you’ll see a similar effect - that the basic auth credentials 
will be ‘remembered’, but I don’t think that is related to any 
session information. Ie - if you have a login mechanism separate to 
Basic Auth, then having or not having Basic Auth won’t affect how the 
login mechanism works (ie the session - can be in a database, in a 
cookie, in a query string).


So, it’s a no - they won’t prevent the same behaviour, as they 
aren’t related to the python login.




Re: [Dorset] Problem with 'full' Root partition

2021-01-30 Thread C Wills

Hi Ralph

Will try those commands out as have not yet deleted those folders but 
have copied them into my /home folder, so if all fails I've got a backup 
copy.
That sounds exactly what I thought was happening!  The Flatpak system 
must have been brought in on one of the upgrades as I'm not sure I have 
knowingly installed Flatpaks.


At the moment I'm setting up an old laptop for an old friend whose 
laptop went U/S at the start of lockdown.  He's housebound and both he 
and his wife have serious health problems. They have not been able to go 
to Church for 18 months+ and used to watch via the Web (St Johns 
Wimborne stream live Service).



Will update you when done.  Many thanks for all who have given advice, 
much appreciated.


C A Wills


On 30/01/2021 07:18, Ralph Corderoy wrote:
> Hi Clive,
>
> > The tmp folder has 11.3GB of data
> > ...
> > and all Flatpack... folders.
>
> Flatpak has a bug.  Well, one so severe I'd argue it's not fit for
> purpose.  It gradually fills /var/tmp.  Probably a bit more on every
> boot so if it's a machine which gets booted a lot then it will fill up
> more quickly.
>
> As I understand it, a /run/user symlink points to the current
> /var/tmp/flatpak-cache-* directory but /run is lost, by design, when the
> machine stops so when it starts up again a new cache directory is
> created and the symlink remade.
>
> The problem with deleting all of those /var/tmp/flatpak-cache-*
> directories is that a few of them may be in use at the time.  I don't
> have a good suggestion for determining which ones because I don't have
> access to a system with Flatpak in use so the best thing I can suggest
> is to quit most programs, e.g. LibreOffice and Firefox, then delete the
> Flatpak caches, and then reboot so if anything was upset by the deletion
> it won't have had long to stay confused.
>
> This will do the delete.
>
>  cd /var/tmp &&
>  sudo find -maxdepth 1 -name 'flatpak-cache-*' -exec rm -rf {} +
