On my Raspberry I find this extract from the cli command "ps aux":
root 1727 4.1 2.8 158260 12800 ? Sl 11:57 28:32 z-way-server
Why is the z-way-server running as user root?
z-way-server uses port 8083, this should be very well be accessible as an unprivileges user.
Can you please describe how to make z-way-server run in a more secure way?
Thank you.
Run z-way-server as unprivileged user?
Baisc Auth
Is there a way to use authetication on the local z-way-server webinterface (like .htaccess with apache)?
See Roadmap
Read the roadmap: http://razberry.z-wave.me/roadmap.php It seems to be coming in May.
Since 29-12-2016 I am no longer a moderator for this forum
Basic Auth will come.
Basic Auth will come.
The root comes from access to /dev/ttyAMA0. In next releases we will probably add a new user and add this user to dialup group. Thanks for the feedback!
The root comes from access to /dev/ttyAMA0. In next releases we will probably add a new user and add this user to dialup group. Thanks for the feedback!
unprivileged user not basic auth
In my post I meant that the zway server software should not run as user root. It should run as an unprivileged user. (uid !=0)
@PoltoS: I am happy to read that you want to include this in your next releases. The described solution of adding a new user which is in dialup group will help you to reach it.
@rabing, pz1:
This has nothing to do with Basic Auth. Basic Auth can be done easily using an Apache2 server as a frontend and to proxy the request to the zway. This is anyways my preferred setup, because you can ssl encrypt the communication easily without z-wave.me having to implement all that ssl stuff. For a small hint how to do this, please look here: http://en.z-wave.me/content/how-hide-z-way-url
@PoltoS: I am happy to read that you want to include this in your next releases. The described solution of adding a new user which is in dialup group will help you to reach it.
@rabing, pz1:
This has nothing to do with Basic Auth. Basic Auth can be done easily using an Apache2 server as a frontend and to proxy the request to the zway. This is anyways my preferred setup, because you can ssl encrypt the communication easily without z-wave.me having to implement all that ssl stuff. For a small hint how to do this, please look here: http://en.z-wave.me/content/how-hide-z-way-url