I would like to ask about internet security. Basically, I would like to use Arduinos to collect temperature information and send it back to a webserver at my house. I have a static IP address and could forward the ports, but this is not very secure. Is there a simple way to add a password, or would it be a more complicated job of building an API?
Ensure NOTHING is visible (HTML) to the attacker, i.e. no feedback from "no user exists" or "incorrect password" or "password accepted" or anything of the ilk.
Ensure that SQL form only accepts data of required type/length to protect against injection.
If possible, pre-formed SQL statements are the way to go...so the attacker cannot "inject" code into a statement.
Choose odd POST labels. A post request with the label "password" will be easy to guess.
Call table columns funny names. Not "password" or "user" etc.
This will fail if someone can intercept your data...they will be able to see the "POST" requests and just grab your password...unless you look into a form of encryption (SSH/SSL for example).
Some basics there for you.
Pre-formed statements may be like:
(I haven't done this in a while...probably well malformed).
sql = INSERT $_POST["value"] into table where data_type = $_POST["type"]
Where value and data type are limited to being ints so attackers can't, like, inject stuff to get the table to dump etc.
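The answer's points about identical feedback, type and length checks, and a pre-formed statement, combined into one PHP handler as an added example that is not part of the original posts. The table, field names, token and value ranges are assumptions, and an in-memory SQLite database stands in for the real one.

```php
<?php
declare(strict_types=1);

// Assumed shared secret the Arduino sends with each reading (constructed value).
const DEVICE_TOKEN = 'constructed-example-token';

// Every outcome gets the same body, so a probe learns nothing from the reply.
const REPLY = 'OK';

function openDb(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE readings (sensor_id INTEGER, tenths_c INTEGER)');
    return $pdo;
}

// Returns true only if the reading was stored; the caller never reveals which.
function storeReading(PDO $pdo, array $post): bool
{
    $token = $post['token'] ?? '';
    // hash_equals compares in constant time; reject non-string input first.
    if (!is_string($token) || !hash_equals(DEVICE_TOKEN, $token)) {
        return false;
    }
    // Type and range checks: integers only, within plausible bounds.
    $sensor = filter_var($post['sensor'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 255]]);
    $tenths = filter_var($post['temp'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => -550, 'max_range' => 1250]]);
    if ($sensor === false || $tenths === false) {
        return false;
    }
    // Prepared statement: values are bound as data, never spliced into the SQL.
    $stmt = $pdo->prepare('INSERT INTO readings (sensor_id, tenths_c) VALUES (?, ?)');
    return $stmt->execute([$sensor, $tenths]);
}

// Constructed sample requests: one valid, one injection attempt, one bad token.
$pdo = openDb();
$samples = [
    ['token' => DEVICE_TOKEN, 'sensor' => '3', 'temp' => '215'],
    ['token' => DEVICE_TOKEN, 'sensor' => '3', 'temp' => '215); DROP TABLE readings;--'],
    ['token' => 'guess', 'sensor' => '3', 'temp' => '215'],
];
foreach ($samples as $post) {
    storeReading($pdo, $post);
    echo REPLY, "\n";   // identical reply for accepted and rejected requests
}
echo 'rows stored: ', $pdo->query('SELECT COUNT(*) FROM readings')->fetchColumn(), "\n";
```

On a live server the handler would be called with `$_POST`, and as the answer notes, the token is still readable by anyone who can intercept the request unless the connection is encrypted.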
Thanks for the information, that's a great help. It's a bit of a minefield, but knowing what to sort of search for is a good start. Many forums out there are supposed to be helpful, but sometimes it seems like nobody wants to tell you anything.