2016-04-01 - Re: [GRASE-Hotspot] Can portal be secure? https

Header Data

From: Henry Terkura Swende <he***e@gmail.com>
Message Hash: a6873719704aea0c7e870eab4d0e16b6b18932d8984b25804bc5bbf985c98b22
Message ID: <CAHoMbhc06jUzd=EePwgCSfFjrf7wPSdmsD8o8tvTQ-EFZkwiSg@mail.gmail.com>
Reply To: <9e831ec8-a1b0-48b7-beda-e7480efa534b@grasehotspot.org>
UTC Datetime: 2016-04-01 11:11:40 UTC
Raw Date: Fri, 01 Apr 2016 19:11:40 +0100

Raw message

Wow! Thanks Sebastian Schneider, I guess I better looking to enable SSL on
grase too....digging up your tutorial! Thanks.
On Apr 1, 2016 4:32 PM, "Sebastian Schneider" <se***r@gmail.com>
wrote:

> Hi Henry,
>
> SSL in combination with HTTP is (going to be) the standard for Web.
> In our case I think it is a good idea to enable a secure way to log into
> the portal for *everyone*.
> If anyone is facing a problem with javascript, they are forced to use the
> non-js version of the captive portal. In that case a Man-in-the-Middle
> attack is trivial and credentials of YOUR wireless network can get in the
> wrong hands. It's not necessarily just the users problem but yours.
> Another point is: Many people use noscript or similar programs to block
> javascript. And I fully understand their decision.
> For exactly these cases we can make sure that the authentication on our
> captive portal is safe.
>
> Using an unencrypted wireless network is insecure for the user anyway. But
> at least I want to try everything possible to keep me and my network safe
> and unwanted people out of my net.
>
> Even there are other methods to get into an unencrypted network...
>
> Best Sebastian
>
>
> Am Mittwoch, 30. März 2016 22:51:03 UTC+2 schrieb Henry Terkura Swende:
>>
>> I'm kinda confused here guys kindly help me out? Why would I need SSL
>> when the portal is already secured. I mean what's the advantage of using
>> SSL instead of the JavaScript enabled security in grase?
>> On Mar 30, 2016 9:25 PM, "Timothy White" <ti***.@gmail.com> wrote:
>>
>>> Thats great news Sebastian!
>>>
>>> Can you do a short writeup on the Wiki for that?
>>> https://github.com/GraseHotspot/grase-www-portal/wiki
>>>
>>> Regards
>>>
>>> Tim
>>>
>>> On Thu, Mar 31, 2016 at 12:18 AM, Sebastian Schneider <
>>> se***.@gmail.com> wrote:
>>>
>>>> Hi Tim,
>>>> thanks for that idea. It was obvious but I didn't think about it.
>>>> The problem was mixed content, so http traffic in a https session.
>>>> jqchilli.js call:
>>>> var urlRoot = 'http://' + chilliController.host + ':' +
>>>> chilliController.port + '/json/'; // TODO make this dynamic
>>>> in line 38.
>>>> In line 22 and 23 I changed to host var to my DNS Hostname (fitting to
>>>> the cert) and changed to port to 4990.
>>>> In my /etc/chilli/config I added:
>>>> HS_UAMUISSL=on
>>>> HS_REDIRSSL=on
>>>> HS_SSLKEYFILE= /path/to/private_key
>>>> HS_SSLCERTFILE=/path/to/cert
>>>>
>>>> The hosts file of the Controller resolves the CN Name of the cert to
>>>> 10.1.0.1
>>>>
>>>> Now I have SSL enabled, without any errors.
>>>>
>>>> Regards
>>>>
>>>> Se
>>>>
>>>> Am Dienstag, 29. März 2016 13:05:34 UTC+2 schrieb timwhite88:
>>>>>
>>>>> Hi Sebastian
>>>>>
>>>>> Off the top of my head, I'm not sure what the problem is. Try using
>>>>> the browser developer tools to see any error messages you can see.
>>>>>
>>>>> Feel free to open an issue for it and when I get a chance I'll have a
>>>>> poke as well.
>>>>>
>>>>> Regards
>>>>>
>>>>> Tim
>>>>>
>>>>> On Tue, Mar 29, 2016 at 8:26 PM, Sebastian Schneider <
>>>>> se***.@gmail.com> wrote:
>>>>>
>>>>>> Hi Karotu, hi Tim,
>>>>>>
>>>>>> with the risk of annoying everyone, I tried to enable SSL yesterday,
>>>>>> as I did before with coova. The CHAP mechanism FAILS when SSL is enabled.
>>>>>> In any case, that shouldn't be the normal, right?
>>>>>> I do have a valid CA signed Certificate (startssl, soon letsencrypt)
>>>>>> and my grasehotspot is resolving my address via a local hosts entry. So
>>>>>> internally(connected via hotspot) it's resolving to my controller,
>>>>>> public(not connected via my controller) it's resolving to my website.
>>>>>>
>>>>>> So apache and everything is running fine, no warnings, no nothing.
>>>>>> But I have to use the "non-secure" variant of the captive portal (non JS
>>>>>> version, non CHAP version) to login successfully, when using HTTPS.
>>>>>> I had a look in the ChilliLibrary.js but without any luck.
>>>>>>
>>>>>> Any ideas from your side?
>>>>>>
>>>>>> Best
>>>>>>
>>>>>> Sebastian
>>>>>>
>>>>>>
>>>>>>
>>>>>> Am Sonntag, 9. März 2014 21:43:34 UTC+1 schrieb karotu:
>>>>>>>
>>>>>>> Hi,
>>>>>>>
>>>>>>> Is it possible to make login secure with https?
>>>>>>>
>>>>>>> Thanks.
>>>>>>>
>>>>>>> Karotu
>>>>>>>
>>>>>>> --
>>>>>>> ----------------------------------
>>>>>>> Karotu Tannang
>>>>>>> Nauoi IT Services
>>>>>>> Behind BOK, Betio / PO Box 46, Bairiki
>>>>>>> Tarawa, KIRIBATI
>>>>>>> Mobile: +686 94038
>>>>>>> Like Us on Facebook: http://www.facebook.com/nauoionline
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>> This mailing list is for the Grase Hotspot Project
>>>>>> http://grasehotspot.org
>>>>>> ---
>>>>>> You received this message because you are subscribed to the Google
>>>>>> Groups "Grase Hotspot" group.
>>>>>> To unsubscribe from this group and stop receiving emails from it,
>>>>>> send an email to gr***.@grasehotspot.org.
>>>>>> To post to this group, send email to gr***.@grasehotspot.org.
>>>>>> Visit this group at
>>>>>> https://groups.google.com/a/grasehotspot.org/group/grase-hotspot/.
>>>>>> To view this discussion on the web visit
>>>>>> https://groups.google.com/a/grasehotspot.org/d/msgid/grase-hotspot/73b262da-42ff-451f-b538-96550a7a706b%40grasehotspot.org
>>>>>> <https://groups.google.com/a/grasehotspot.org/d/msgid/grase-hotspot/73b262da-42ff-451f-b538-96550a7a706b%40grasehotspot.org?utm_medium=email&utm_source=footer>
>>>>>> .
>>>>>>
>>>>>
>>>>> --
>>>> This mailing list is for the Grase Hotspot Project
>>>> http://grasehotspot.org
>>>> ---
>>>> You received this message because you are subscribed to the Google
>>>> Groups "Grase Hotspot" group.
>>>> To unsubscribe from this group and stop receiving emails from it, send
>>>> an email to gr***.@grasehotspot.org.
>>>> To post to this group, send email to gr***.@grasehotspot.org.
>>>> Visit this group at
>>>> https://groups.google.com/a/grasehotspot.org/group/grase-hotspot/.
>>>> To view this discussion on the web visit
>>>> https://groups.google.com/a/grasehotspot.org/d/msgid/grase-hotspot/293b318e-7b39-46d5-b142-774f2a91dfd8%40grasehotspot.org
>>>> <https://groups.google.com/a/grasehotspot.org/d/msgid/grase-hotspot/293b318e-7b39-46d5-b142-774f2a91dfd8%40grasehotspot.org?utm_medium=email&utm_source=footer>
>>>> .
>>>>
>>>
>>> --
>>> This mailing list is for the Grase Hotspot Project
>>> http://grasehotspot.org
>>> ---
>>> You received this message because you are subscribed to the Google
>>> Groups "Grase Hotspot" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to gr***.@grasehotspot.org.
>>> To post to this group, send email to gr***.@grasehotspot.org.
>>> Visit this group at
>>> https://groups.google.com/a/grasehotspot.org/group/grase-hotspot/.
>>> To view this discussion on the web visit
>>> https://groups.google.com/a/grasehotspot.org/d/msgid/grase-hotspot/CAESLx0Ky4%2BAxESAZNf%3DLhKf%2BvTovLrsQ2wc3XRPvY4Y3psiE0A%40mail.gmail.com
>>> <https://groups.google.com/a/grasehotspot.org/d/msgid/grase-hotspot/CAESLx0Ky4%2BAxESAZNf%3DLhKf%2BvTovLrsQ2wc3XRPvY4Y3psiE0A%40mail.gmail.com?utm_medium=email&utm_source=footer>
>>> .
>>>
>> --
> This mailing list is for the Grase Hotspot Project http://grasehotspot.org
> ---
> You received this message because you are subscribed to the Google Groups
> "Grase Hotspot" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to gr***e@grasehotspot.org.
> To post to this group, send email to gr***t@grasehotspot.org.
> Visit this group at
> https://groups.google.com/a/grasehotspot.org/group/grase-hotspot/.
> To view this discussion on the web visit
> https://groups.google.com/a/grasehotspot.org/d/msgid/grase-hotspot/9e831ec8-a1b0-48b7-beda-e7480efa534b%40grasehotspot.org
> <https://groups.google.com/a/grasehotspot.org/d/msgid/grase-hotspot/9e831ec8-a1b0-48b7-beda-e7480efa534b%40grasehotspot.org?utm_medium=email&utm_source=footer>
> .
>

Thread