Assuming I make the HTTP server on my Arduino publically available, are there any suggestions for protecting it from unauthorized access? My only two three ideas thus far are:
1) Check the IP of the connected client against a whitelist of allowed clients. This would be the most secure, but not very practical.
2) Have a password form. Not very secure against MitM attacks or brute force password guessing attacks.
3) Require a hash of the request page name, any parameters, the time, and a password with every request. This might be the best from a security perspective, but seems the most difficult to implement.
I'm looking forward to any other suggestions, comments on the above ideas, or info on any existing projects related to this.