Advice requested for Arduino webserver

In advance, I apologize for the long post. This is not an Arduino issue per se, as everything is working properly; rather, I am seeking advice. I have basically an IoT server running on a Mega w/ Ethernet shield, connected to a 4G router to monitor/control a remote solar power system. Everything works as it should, but I have 2 areas of concern, one is security. I'd like to password-protect the server. A hacker can't really cause too much trouble, but could be annoying, so it's not like I'm protecting Ft. Knox, but a problem foreseen is a problem solved, as they say.
The second area of concern is that I'd like to limit server access to one user at a time, since 2 users can contradict each other and cause a nuisance. I can probably figure this one out eventually....
I am thinking of switching to a WT32-ETH01, but would rather stay with the Mega if I can.

Back to security, as an experiment, I added a virtual number pad, and request the user enter a PIN before commands are revealed, and it works well, but being an HTML novice, I don't know how secure it really is. I do know a man-in-the-middle attack would reveal the PIN, but I figure a hacker would not expend that much effort on such a trivial return....maybe I'm mistaken?

Thoughts or advice welcome. TIA.

HTTP is plain text so it is easy to read. On a Mega with Ethernet shield you can't do HTTPS (which would encode the transported data).

To work with one client only, invoke server.available() (or better server.accept()) only if the previous client disconnected. (Store the returned Client in a global variable.)

It looks like server.accept() might do what I want. Thank you! I had not heard of it.

If your concern is an entry form where several users can change several values in parallel, an old but reliable pattern is to add a fingerprint (for example a CRC generated from the current data, or, if you had a "database" in the background, a timestamp of the current data version). Add that fingerprint to a hidden input field in the form. When the user changes data, the server can evaluate if the data on the server was already changed in the meantime and refuse the new incoming data, as there was already a change by another user.
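The fingerprint pattern described above, as an added example in portable C++ (not the poster's code, and without the Arduino Ethernet library so it compiles on a PC): the server stamps the form with a CRC-16 of the current settings and refuses a POST whose fingerprint no longer matches the data it holds. The Settings fields, the form field names fp and limit, and the sample values are assumed.

```cpp
#include <cstdint>
#include <cstdlib>
#include <string>
// Constructed sample of the values the remote solar controller exposes.
struct Settings {
    uint16_t chargeLimitPct;
    bool     inverterOn;
};
// CRC-16/CCITT step; fields are fed byte by byte so struct padding never leaks in.
static void crcByte(uint16_t& crc, uint8_t byte) {
    crc ^= static_cast<uint16_t>(byte) << 8;
    for (int b = 0; b < 8; ++b)
        crc = (crc & 0x8000) ? static_cast<uint16_t>((crc << 1) ^ 0x1021)
                             : static_cast<uint16_t>(crc << 1);
}
// The "fingerprint" of the data version currently held on the server.
uint16_t fingerprint(const Settings& s) {
    uint16_t crc = 0xFFFF;
    crcByte(crc, s.chargeLimitPct >> 8);
    crcByte(crc, s.chargeLimitPct & 0xFF);
    crcByte(crc, s.inverterOn ? 1 : 0);
    return crc;
}

// Page the server sends: the fingerprint rides along in a hidden input.
std::string renderForm(const Settings& s) {
    return "<form method='POST'><input type='hidden' name='fp' value='" +
           std::to_string(fingerprint(s)) + "'><input name='limit' value='" +
           std::to_string(s.chargeLimitPct) + "'><input type='submit'></form>";
}

// Pull one field out of a POST body such as "fp=1234&limit=80" ("" if absent).
std::string formField(const std::string& body, const std::string& name) {
    for (size_t pos = 0; pos <= body.size();) {
        size_t end = body.find('&', pos);
        if (end == std::string::npos) end = body.size();
        std::string pair = body.substr(pos, end - pos);
        size_t eq = pair.find('=');
        if (eq != std::string::npos && pair.substr(0, eq) == name) return pair.substr(eq + 1);
        pos = end + 1;
    }
    return "";
}

// Apply a submitted change only if the client edited the version it was shown.
bool applyUpdate(Settings& current, const std::string& body) {
    std::string fp = formField(body, "fp"), limit = formField(body, "limit");
    if (fp.empty() || limit.empty()) return false;
    if (std::strtoul(fp.c_str(), nullptr, 10) != fingerprint(current)) return false; // stale
    current.chargeLimitPct = static_cast<uint16_t>(std::strtoul(limit.c_str(), nullptr, 10));
    return true;
}
```

Serve renderForm() on GET and hand the POST body to applyUpdate(); a refused update is the cue to re-send the form with the fresh fingerprint so the second user sees the other user's change before retrying.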

https://docs.arduino.cc/libraries/ethernet/#Server%20Class
