Just questiom about security options on arduino webserver

Hi. I wondering whats my options for security on my arduin SD webserver? Im not asking for som top security or so but atleast maybe a login code or so.

There are lots of ways to secure a web site, but the approaches involving encryption are going to be difficult or impossible to implement within the constraints of an Arduino. You could do plain old non-encrypted basic authentication quite easily, though. With this approach you would associate a session with each client request via the client's TCP/IP address and port. The session will record whether the client has logged in, and any details you want to keep track of between requests such as the username they logged in as. If a client which is not currently logged in tries to access any secured pages then instead of the requested page you send back a login form. The client is expected to enter a username and password and submit the form, resulting in another request being received at the Arduino. You sketch will then validate the supplied username and password, and if they're valid then it will open a session for that client.

Usually, the session would be timed out after a period of inactivity or by an explicit logout request from the client.

Simple security can be keeping the web server behind a router and don't publically display a link to your server.

Tnx for the answer. The only thing im using right now is a router and a diffrent port to arduino. But im wondering is it possible to to use Webduinos code for Webduino Authentication on a page who is on a SD card or perhaps after login it makes the page on the SD card available?

/* Web_Authentication.ino - Webduino Authentication example */

/* This example assumes that you're familiar with the basics
 * of the Ethernet library (particularly with setting MAC and
 * IP addresses) and with the basics of Webduino. If you
 * haven't had a look at the HelloWorld example you should
 * probably check it out first */

/* you can change the authentication realm by defining
 * WEBDUINO_AUTH_REALM before including WebServer.h */
#define WEBDUINO_AUTH_REALM "Weduino Authentication Example"

#include "SPI.h"
#include "Ethernet.h"
#include "WebServer.h"

/* CHANGE THIS TO YOUR OWN UNIQUE VALUE.  The MAC number should be
 * different from any other devices on your network or you'll have
 * problems receiving packets. */
static uint8_t mac[] = { 0xDE, 0xAD, 0xBE, 0xEF, 0xFE, 0xED };

/* CHANGE THIS TO MATCH YOUR HOST NETWORK.  Most home networks are in
 * the 192.168.0.XXX or 192.168.1.XXX subrange.  Pick an address
 * that's not in use and isn't going to be automatically allocated by
 * DHCP from your router. */
static uint8_t ip[] = { 192, 168, 1, 210 };

/* This creates an instance of the webserver.  By specifying a prefix
 * of "", all pages will be at the root of the server. */
#define PREFIX ""
WebServer webserver(PREFIX, 80);

void defaultCmd(WebServer &server, WebServer::ConnectionType type, char *, bool)
{
  server.httpSuccess();
  if (type != WebServer::HEAD)
  {
    P(helloMsg) = "<h1>Hello, World!</h1><a href=\"private.html\">Private page</a>";
    server.printP(helloMsg);
  }
}

void privateCmd(WebServer &server, WebServer::ConnectionType type, char *, bool)
{
  /* if the user has requested this page using the following credentials
   * username = user
   * password = user
   * display a page saying "Hello User"
   *
   * the credentials have to be concatenated with a colon like
   * username:password
   * and encoded using Base64 - this should be done outside of your Arduino
   * to be easy on your resources
   *
   * in other words: "dXNlcjp1c2Vy" is the Base64 representation of "user:user"
   *
   * if you need to change the username/password dynamically please search
   * the web for a Base64 library */
  if (server.checkCredentials("dXNlcjp1c2Vy"))
  {
    server.httpSuccess();
    if (type != WebServer::HEAD)
    {
      P(helloMsg) = "<h1>Hello User</h1>";
      server.printP(helloMsg);
    }
  }
  /* if the user has requested this page using the following credentials
   * username = admin
   * password = admin
   * display a page saying "Hello Admin"
   *
   * in other words: "YWRtaW46YWRtaW4=" is the Base64 representation of "admin:admin" */
  else if (server.checkCredentials("YWRtaW46YWRtaW4="))
  {
    server.httpSuccess();
    if (type != WebServer::HEAD)
    {
      P(helloMsg) = "<h1>Hello Admin</h1>";
      server.printP(helloMsg);
    }
  }
  else
  {
    /* send a 401 error back causing the web browser to prompt the user for credentials */
    server.httpUnauthorized();
  }
}

void setup()
{
  Ethernet.begin(mac, ip);
  webserver.setDefaultCommand(&defaultCmd);
  webserver.addCommand("index.html", &defaultCmd);
  webserver.addCommand("private.html", &privateCmd);
  webserver.begin();
}

void loop()
{
  char buff[64];
  int len = 64;

  /* process incoming connections one at a time forever */
  webserver.processConnection(buff, &len);
}

xzenon:
im wondering is it possible to to use Webduinos code for Webduino Authentication on a page who is on a SD card or perhaps after login it makes the page on the SD card available?

I don’t see any reason why not.

Ok then my next thing to do is to try to merge the authentication part of this code to mine. I have no ide where to start.