Common stuff for all my devices' web server pages: css, login, log, ipv4, ipv6, firmware update, clock, reset info etc.

Dependents:   gps heating

Security

A password has to be set whenever there has been a software reset. Resets following faults or power on do not require a new password as the hash is restored from the RTC GPREG register.

The password is not saved on the device; instead a 32-bit hash of the password is saved. It would take 2^31 attempts to brute force the password: this could be done in under a month if an attempt were possible every millisecond. To prevent this, a 200 ms delay is introduced in the reply to the login form, which gives a more reasonable 13 years to brute force the password.

Once the password is accepted a random session id is created. This is 36 bits long, which gives six base64 characters, but attempts against it incur no extra delay. If an attempt could be made every ms then this would still take over a year to brute force.

The most likely attack would be to use a dictionary with, say, 10 million entries against the password, which would still take 20 days to do.
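
The session id encoding and the timing estimates above, as an added example (not code from this library). The function names, the standard base64 alphabet and the non-early-exit comparison are assumptions; the 36 random bits are passed in by the caller from the device's own random source.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SID_LEN 6 /* 36 bits at 6 bits per base64 character */

/* Assumption: standard base64 alphabet; the page does not give the project's. */
static const char B64[] =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

/* Encode the low 36 bits of caller-supplied random bits, top sextet first. */
char *sid_encode(uint64_t random_bits, char out[SID_LEN + 1])
{
    for (int i = 0; i < SID_LEN; i++)
        out[i] = B64[(random_bits >> (6 * (SID_LEN - 1 - i))) & 0x3F];
    out[SID_LEN] = '\0';
    return out;
}

/* Added hardening (not from the page): compare without an early exit. */
int sid_matches(const char *cookie, const char *stored)
{
    if (strlen(cookie) != SID_LEN) return 0;
    unsigned char diff = 0;
    for (int i = 0; i < SID_LEN; i++)
        diff |= (unsigned char)(cookie[i] ^ stored[i]);
    return diff == 0;
}

/* Days needed for 'attempts' guesses at one guess every 'ms_per_attempt'. */
double days_for(double attempts, double ms_per_attempt)
{
    return attempts * ms_per_attempt / 1000.0 / 86400.0;
}

/* Expected guesses to hit one value among 2^bits: 2^(bits-1). */
double expected_attempts(unsigned bits)
{
    return (bits == 0 || bits > 63) ? 0.0 : (double)(1ULL << (bits - 1));
}

int main(void)
{
    char sid[SID_LEN + 1];
    printf("sid for a constructed value: %s\n", sid_encode(0x123456789ULL, sid));
    printf("32-bit hash, 200 ms: %.1f years\n", days_for(expected_attempts(32), 200) / 365.25);
    printf("36-bit sid, 1 ms: %.1f years\n", days_for(expected_attempts(36), 1) / 365.25);
    return 0;
}
```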

Changes

Revision Date Who Commit message
141:1dac268a197d 4 months ago andrewboyson Added routine to parse a float (double) value from a query. default tip
140:8951a8b45289 4 months ago andrewboyson Changed home brewed query encode function to use encodeURIComponent instead.
139:e189c6669983 4 months ago andrewboyson Corrected a javascript error with the wrong function name.
138:44d84506b2f6 4 months ago andrewboyson Modified AjaxRequest to AjaxSendNameValue in order to be able to encode '=' and '?' correctly
137:3b6632374855 4 months ago andrewboyson Found that an ajax input would not send a '%' so modified encoding to convert '%' to '%25'. '+'s were already encoded to %2B.
136:be1d42268b5d 6 months ago andrewboyson Modified the IPv4 and IPv6 pages to display the resolution indexes for cross referencing against the TCP page
135:c1490f7e95be 6 months ago andrewboyson Made HTTP module callable from https (TLS) or from httpv (vanilla).
134:3d0abf4cd097 6 months ago andrewboyson Http now returns finished if client has sent finished and there is no http connection
133:98c6bf14bc37 7 months ago andrewboyson Added more fields to TCP connections
132:5b2df69a4f17 7 months ago andrewboyson Include TCP monitor
131:a9793a9721c7 8 months ago andrewboyson When the user adjusts the UTC offset in the clock web page the UTC time remains the same; previously it would change as the TAI time was not adjusted to suit.
130:9a5b8fe308f1 13 months ago andrewboyson Added http
129:6d9bffc72676 13 months ago andrewboyson Tidied up connection checks
128:fc9708e1d17c 14 months ago andrewboyson Added connection status
127:bd6dd135009d 15 months ago andrewboyson Amalgamated Reply into Poll function
126:6b547c86da6e 17 months ago andrewboyson Updated login module following change to random module.
125:772948168e4f 17 months ago andrewboyson Updated net library
124:a2de6c22f85e 17 months ago andrewboyson Corrected spelling of governer to governor.
123:06de83222fda 17 months ago andrewboyson Updated http module in the net library
122:cd3f391ac8aa 17 months ago andrewboyson Updated http
121:811adea8a6a4 17 months ago andrewboyson Changed nav padding to 0.4 from 0.5
120:85a4d8f7517d 17 months ago andrewboyson Updated Last Reset page
119:794e5985d6c8 17 months ago andrewboyson Restart module in lpc1768 library updated
118:53430a2a2595 17 months ago andrewboyson Updated lpc1768 library
117:4f1fe03715ca 18 months ago andrewboyson Updated fault module
116:e2f4bf715af7 18 months ago andrewboyson Updated Fault module
115:24cb6e84ddd6 18 months ago andrewboyson Changed firmware reset to call the new restart routine rather than directly calling the semihost reset.
114:900e33dfa460 18 months ago andrewboyson Added ability to force a new password
113:23507d14f927 18 months ago andrewboyson Renamed 'core' to 'common'
112:f29bb9b99059 18 months ago andrewboyson Changed all names from 'derived' to 'this'
111:aaa858678e34 18 months ago andrewboyson Corrected bug where postComplete was not set true in the event of there not being a post.
110:8ab752842d25 18 months ago andrewboyson Tidied. About to rename to web.
109:3e82f62c7e1f 18 months ago andrewboyson Tidied names from http to web
108:91bfb40e7487 18 months ago andrewboyson Renamed WebBaseInit to WebInit
107:8ce0c528e2e5 18 months ago andrewboyson Tidied after merge
106:7cff473be687 18 months ago andrewboyson Tidied
105:43ef124233cd 18 months ago andrewboyson Removed Server name
104:40097d08edd5 18 months ago andrewboyson Renamed WebServerDerived to WebServer
103:91194cc19bbb 18 months ago andrewboyson Renamed everything from Http to Web
102:ce6770cb3488 18 months ago andrewboyson Moved http module to the net library
101:07234e772d31 18 months ago andrewboyson Removed unnecessary reference to 1-wire library's DS18B20.h module.
100:4a79e85d49ef 18 months ago andrewboyson Moved 1-wire http page over to 1-wire library to avoid issues when the file is not required
99:5aa33c306167 18 months ago andrewboyson Moved 1-wire into a separate library and moved the 1-wire page here with an option.
98:4e099563d5b9 18 months ago andrewboyson Encode '+' in XmlHttpRequest in line with what is automatically done by a form input.; Added routines to read hex numbers as signed integer.; Added date local id.
97:d9a821ab0f3d 18 months ago andrewboyson Converted net trace to use the Ajax class
96:eb2eb75bad0f 18 months ago andrewboyson Added Ajax class to net6 script
95:8c9dda8a0caf 18 months ago andrewboyson Used class to encapsulate ajax part of js in base.
94:d7226b2c14b6 18 months ago andrewboyson Used a class for the utc time to handle both the server 'real' time and a pseudo 'next leap' time. Also split the includes into building blocks so that many of the js scripts could be made up from them.
93:8995561d995f 18 months ago andrewboyson Reduced dependency of lpc1768-base on http by moving semihost file list routine into http-base
92:9ce59a5b6032 18 months ago andrewboyson Modified 'skip to main content' to 'skip to content'
91:9a125082f53c 18 months ago andrewboyson Added tab to main content to nav bar for keyboard users
90:9cc77a16b6c5 18 months ago andrewboyson Enabled focus on toggles and reinstated outline for keyboard users
89:615fb951df69 18 months ago andrewboyson Made Ipv6 tab use ajax
88:2857259fc2b4 18 months ago andrewboyson Made ARP and DNS entries in IPv6 and IPv4 pages update by ajax
87:c51478679090 18 months ago andrewboyson Moved log uart from net trace page to log page.
86:f3c9beec4ee7 18 months ago andrewboyson Split the NET page into general net, net ipv4 and net ipv6. Also made the arp and dns update through ajax.
85:fcffd89028c0 18 months ago andrewboyson Removed ugly blue outline from inputs with focus. Will need to rethink this as ultimately want the tab key to work.
84:4ed751de613e 18 months ago andrewboyson Added option for a suffix to an input
83:0d956edd55b7 18 months ago andrewboyson Capitalised some buttons
82:980a393ff4dc 19 months ago andrewboyson Added max age to sid cookie.