Updated Security (markdown)

Aircoookie 2017-12-13 11:55:14 +01:00
parent f577f0be84
commit 14cda071cb
1 changed files with 6 additions and 2 deletions

@ -8,7 +8,7 @@ If you have configured a port forwarding to control WLED from outside your local
### 1: Is the connection itself safe?
A: Technically not. The ESP8266 uses unencrypted HTTP traffic. Implementing HTTPS would take to much processing power and memory on this little device. This means an attacker could read your passwords during transmit. Therefore, to be safe, please do NOT change the AP/Client WiFi/OTA password from outside of your LAN via a forwarded port. If you are at home, you should be safe if your WiFi is secured.
A: Technically not. The ESP8266 uses unencrypted HTTP traffic. Implementing HTTPS would take to much processing power and memory on this little device. This means an attacker could read your passwords during transmit. Therefore, to be safe, please do NOT change the AP/Client WiFi/OTA password from outside of your LAN via a forwarded port. If you are at home, you should be safe if your WiFi is secured. You can change any other setting while your away, though. WLED doesn't send your actual password to the settings page, just its length.
### 2: What do you mean by secure then?
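Review bot: The two sentences added at the end of answer 1 say any other setting can be changed remotely, but they do not say whether saving the settings page resubmits the password fields over the unencrypted HTTP connection. State that explicitly, for example that the password fields are left untouched unless the user types a new value, since that is what the advice rests on. The same plaintext exposure applies to every other setting sent through the forwarded port, and the password length the page does send is still visible to anyone on the path, so the answer should say so rather than imply the remaining traffic is private. While this line is being edited, fix "to much" to "too much", "your away" to "you're away" and "during transmit" to "during transmission".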
@ -21,4 +21,8 @@ A: Currently not. This is not sensitive information like your WiFi password. Any
### 4: I want to do a software update, but it says "OTA lock active"?
A: You need to go to the settings page. Untick the "OTA Lock" setting and input your passphrase in the field below it.
Now apply the settings and reboot. After that you can carry out the software update. Don't forget to re-enable OTA Lock afterwards! To enable, you don't have to enter the passphrase, unless you want to change it. For the lock to work you need to apply and reboot again.
Now apply the settings and reboot. After that you can carry out the software update. Don't forget to re-enable OTA Lock afterwards! To enable, you don't have to enter the passphrase, unless you want to change it. For the lock to work you need to apply and reboot again.
### 5: Why is this OTA lock stuff that important?
A: Your unencrypted WiFi password is stored in the module's EEPROM. It would be easy to "update" the software to a malicious version which sends your password to the attacker. OTA Lock makes sure only those with the passphrase may carry out a software update. And yes, while you can disable OTA lock by doing a factory reset, this would also kill the WiFi connection to the attacker.
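Review bot: The last sentence of the new answer 5, "this would also kill the WiFi connection to the attacker", does not explain why a factory reset is harmless. If the point is that the reset erases the stored WiFi credentials, so the module leaves the network before a malicious update could read them, say that directly. The answer should also point back to answer 1: answer 4 has the user type the OTA passphrase into the settings page, and over a forwarded port that passphrase travels in plain HTTP, which would defeat the lock described here. Separately, the "Now apply the settings and reboot" line appears as both removed and added with no visible difference, which looks like a whitespace or end-of-file newline change; confirm it is intentional.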