suggestion to improve safety

Post new topic   Reply to topic    DD-WRT Forum Forum Index -> General Questions
Author Message
gu3d3s
DD-WRT User


Joined: 10 Aug 2017
Posts: 70
Location: Fortalaza - CE - Brazil

PostPosted: Thu Dec 28, 2017 23:44    Post subject: suggestion to improve safety Reply with quote
I did not find a correct place to post, so my apologies if I posted in the wrong place.

suggestion to add an option to improve DD-WRT security.

logoof option for predetermined time and for a logout button,
because I logged in remotely on a modem using the DD-WRT and 24 hours later when I opened the browser and typed the address the page opened directly without the option to log in, only if you close the browser and open it again and it is requested to password again.

it would be nice to add this security item more

_________________
Linksys WRT3200ACM - Lede - WRT1900ACS/V2 - 35034 - TP-Link Archer C7/V2 - 35034 - TP-Link Archer C50 V1(die)- Linksys EA-6200 (stock Sad )
Sponsor
mwchang
DD-WRT Guru


Joined: 26 Mar 2013
Posts: 576
Location: Hung Hom, Hong Kong

PostPosted: Sun Dec 31, 2017 6:35    Post subject: An explicit LOGOUT button? Reply with quote
gu3d3s wrote:
I did not find a correct place to post, so my apologies if I posted in the wrong place.

suggestion to add an option to improve DD-WRT security.

logoof option for predetermined time and for a logout button,
because I logged in remotely on a modem using the DD-WRT and 24 hours later when I opened the browser and typed the address the page opened directly without the option to log in, only if you close the browser and open it again and it is requested to password again.

it would be nice to add this security item more


I second that, though closing your browser after accessing DD-WRT's web interface would automatically log you out. Just an explicit LOGOUT button!

BTW, what if the LOGOUT button could also kill all telnet and ssh sessions? Smile

_________________
Router: Asus RT-N18U (rev. A1)

May the Force and farces be with you! Live long and proper!

Facebook: https://www.facebook.com/changmanwai
Website: https://sites.google.com/site/changmw
SETI@Home profile: http://setiathome.berkeley.edu/view_profile.php?userid=211832
d0ug
DD-WRT Guru


Joined: 31 Jul 2015
Posts: 759

PostPosted: Sun Dec 31, 2017 7:02    Post subject: Re: suggestion to improve safety Reply with quote
gu3d3s wrote:
I did not find a correct place to post, so my apologies if I posted in the wrong place.

suggestion to add an option to improve DD-WRT security.

logoof option for predetermined time and for a logout button,
because I logged in remotely on a modem using the DD-WRT and 24 hours later when I opened the browser and typed the address the page opened directly without the option to log in, only if you close the browser and open it again and it is requested to password again.

it would be nice to add this security item more


Due to the type of authentication used, basic http authentication there is no true way to log out. The authentication is kept on the browser side once you have logged in. In general the browser should invalidate the login session after the browser is closed. If it is not, then there is something wrong with your browser. You can force it to "logout" by providing an invalid user/pass which will invalidate that session. You can do this by typing http://-:-@192.168.1.1/ into your browser window. This will make your browser try and login with the username - and the password -

You can put anything in place of those dashes as long as it is not a valid login.

Hint if you are lazy and don't want to login you can setup a shortcut to http://<user>:<pass>@192.168.1.1 Obviously anyone with access to the PC is going to have access to your password, so really not the best practice.
Display posts from previous:    Page 1 of 1
Post new topic   Reply to topic    DD-WRT Forum Forum Index -> General Questions All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum