I am now using HTTPS instead of HTTP. I even have self-signed certificates generate automatically if they are not present in the ssl_files folder. This allows 3 things.
- If you don’t have your own certificates, it creates them when the program launches, creating a user-friendly experience. If they are already in the folder, it simply loads them.
- You can replace the certificate files in the ssl_files folder with your own to get the nice green bar in your browser.
- Simply delete all the files in the ssl_files folder, reboot the sensor and you have new certificates that are good for 5 years.
Initially, I thought that incorrect time on the sensor would not allow you to connect to the sensor through SSL, but I modified the time by 17 hours and it still connected just fine. So that’s good, as I was worried when the Pi’s reboot or shut down for a bit, the time would drift without internet and you would be unable to configure it after that. I’m glad I was wrong!
Now the sensors are actually decently secure! With HTTP authentication and unique SSL generation per sensor, you can rest assured your commands and logins will not be ‘sniffed’ off the network.
One last thing I wanted to do is redirect any HTTP traffic to HTTPS, but I’m not sure how to make that happen with the webserver module I’m using in Python (gevent’s pywsgi).
I have now started to work on updating documentation since a lot has changed. Once that’s done, I’ll probably release another version.
On another note, I used chromes developer console to see the difference of page delivery sizes with gzip enabled. It really helped on the plotly graph’s, as it cut the download size to 1/4 and since they are usually about 4MBs, it makes a difference.
0 Comments.