Hi,
happily running version 5.0.0 of the piCorePlayer. I noticed that under About -> Current configuration[ INFO ] /usr/local/etc/pcp/pcp.cfg, the password of the wifi network is being shown. I feel this is quite insecure:
a) because the connections to the GUI is via http and not https (i can't find a setting to let it default to https)
b) anyone connecting on the same wifi WLAN will see the password ... you could argue that someone that is on the WLAN would have already acquired the password somehow but still, this is not appropriate in my view.
Is there a way of:
a) defaulting the GUI to https?
b) masking the password in the GUI?
c) connecting to the GUI only via login/password?
I know that if I connect a screen and keyboard to the RPi I can turn the GUI off, but its very inconvenient to have to do so an then turn it back on when you need to make some changes to settings (this is what I'm doing at the moment, which is quite tedious ...)
Any suggestions on how I can improve this and make things more secure without having to turn the GUI on/off all the time?
Thanks
happily running version 5.0.0 of the piCorePlayer. I noticed that under About -> Current configuration[ INFO ] /usr/local/etc/pcp/pcp.cfg, the password of the wifi network is being shown. I feel this is quite insecure:
a) because the connections to the GUI is via http and not https (i can't find a setting to let it default to https)
b) anyone connecting on the same wifi WLAN will see the password ... you could argue that someone that is on the WLAN would have already acquired the password somehow but still, this is not appropriate in my view.
Is there a way of:
a) defaulting the GUI to https?
b) masking the password in the GUI?
c) connecting to the GUI only via login/password?
I know that if I connect a screen and keyboard to the RPi I can turn the GUI off, but its very inconvenient to have to do so an then turn it back on when you need to make some changes to settings (this is what I'm doing at the moment, which is quite tedious ...)
Any suggestions on how I can improve this and make things more secure without having to turn the GUI on/off all the time?
Thanks