Skip to content

Navigation Menu

Explore
By company size
By use case
By industry
View all solutions
Topics
- AI
- DevOps
- Security
- Software Development
- View all
Explore
- GitHub Sponsors
  Fund open source developers
- The ReadME Project
  GitHub community articles
Repositories
- Enterprise platform
  AI-powered developer platform
Available add-ons
Pricing

Search code, repositories, users, issues, pull requests...

Search

Clear

Search syntax tips

Provide feedback

We read every piece of feedback, and take your input very seriously.

Include my email address so I can be contacted

Saved searches

Use saved searches to filter your results more quickly

Name

Query

To see all available qualifiers, see our documentation.

You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session. You switched accounts on another tab or window. Reload to refresh your session.

Dismiss alert

mitra42 / frugal-iot Public

Notifications You must be signed in to change notification settings
Fork 3
Star 1

Code
Issues 59
Pull requests
Actions
Projects
Security
Insights

Additional navigation options

Code
Issues
Pull requests
Actions
Projects
Security
Insights

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Meta: Security and Privacy #89

Open

1 of 11 tasks

mitra42 opened this issue Dec 12, 2024 · 0 comments

Open

1 of 11 tasks

Meta: Security and Privacy #89

mitra42 opened this issue Dec 12, 2024 · 0 comments

Labels

security and privacy

Comments

Copy link

Owner

mitra42 commented Dec 12, 2024 •

edited

Loading

Meta task for security and privacy issues

MQTT client in browser should operate over SSL
MQTT client in browser should be constrained on what it can receive based on permissions
MQTT client in browser should login based on organization configuration instead of public/public
MQTT client in Logger should login to each organization with a separate password - holding multiple connections as reqd
MQTT client in Node should be constrained based on permissions.
Server - userid an password should be in config.d files and not in GIT #90
WiFi configuration: pick up GPS #44 - should only be able to set location based on some kind of access control
HTML Server should be https not http See HTML server #41
HTML Server should control access to data and config based on a login (user not organization) See HTML server #41
MQTT Client should have a user password, not an organizational one See HTML server #41
OTA security needs thinking thru See Setup OTA option #37

Reference

Node Red is also in JS and has notes on securing it here that might be useful - especially using "Passport" as a framework with multiple authentication options
Passport may be the solution - drop inable on express

The text was updated successfully, but these errors were encountered:

All reactions

mitra42 added the security and privacy label

mitra42 mentioned this issue

HTML - simple MQTT client #30

Closed

20 tasks

mitra42 mentioned this issue

Setup OTA option #37

Open

27 tasks

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Assignees

No one assigned

Labels

security and privacy

Projects

None yet

Milestone

No milestone

Development

No branches or pull requests

1 participant

Footer

© 2025 GitHub, Inc.

Footer navigation

Terms
Privacy
Security
Status
Docs
Contact

You can’t perform that action at this time.