Il 11/11/2017 09:07, goldsimon ha scritto:
Giuseppe Modugno wrote:
I'd like to protect some or all web pages and show them only to
authorized
people. I understood there are two methods: basic and digest.
I guess both are outdated. Modern web pages use a custom input field which is
sent to the server via POST. You'll need TLS obviously if you want the data to
be protected. The server then opens a session by sending the client a session
cookie which is then included in all further requests from the client.
Sadly, this is not implemented in lwip httpsd yet. The server code supports
POST but not sending/parsing cookies (although that part should be easy to
add). An overall example and session handling is missing though.
I know lwip is an open-source community project, but it's very strange a
minimal HTTP authorization support isn't implemented (yet). Today it's
very difficult to think of an embedded HTTP server that isn't protected
at all from unathorized access.
I suppose all the people using HTTP server in lwip apps folder add their
own authorization mechanism and it is a pity noone commit this to the
original HTTP server.
I don't think to have the capability to add auth mechanism... however
I'll try and I'll share my results.
_______________________________________________
lwip-users mailing list
[email protected]
https://lists.nongnu.org/mailman/listinfo/lwip-users
