If you're coding something small with sensitive elements that has a web endpoint accessible to 1-5 people, what is your go-to solution?
Traits
- Secure
- Simple with small code footprint
- Access setup can be manual (no forgotten passwords, user management etc.)
Currently my go-to is: HTTPS, user + pass, which uses OAuth via a 3rd party (Telegram) to confirm log-in from a new IP.
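The decision logic behind the scheme the OP describes (a manually provisioned password check, plus out-of-band confirmation before a new client IP is accepted), as an added Go example that is not from the thread. The HTTP basic-auth wiring over TLS and the actual Telegram confirmation call are assumed to sit around it; `Confirm` stands in for the latter, and the user list and IPs are constructed sample values.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"sync"
)

const Allowed, Denied, NeedsConf = "allowed", "denied", "needs-confirmation" // login outcomes

// Guard: manually provisioned users (no signup or reset flow) plus the client
// IPs each user has confirmed through the out-of-band channel.
type Guard struct {
	mu       sync.Mutex
	passHash map[string][32]byte        // user -> SHA-256(password)
	knownIPs map[string]map[string]bool // user -> confirmed IPs
}

func NewGuard(users map[string]string) *Guard {
	g := &Guard{passHash: map[string][32]byte{}, knownIPs: map[string]map[string]bool{}}
	for u, p := range users {
		g.passHash[u], g.knownIPs[u] = sha256.Sum256([]byte(p)), map[string]bool{}
	}
	return g
}

// Check compares digests in constant time (also for unknown users, so timing does
// not reveal which names exist); a correct password from an IP not yet confirmed
// for this user is not enough on its own and only triggers the confirmation step.
func (g *Guard) Check(user, pass, ip string) string {
	g.mu.Lock()
	defer g.mu.Unlock()
	want, ok := g.passHash[user]
	got := sha256.Sum256([]byte(pass))
	if subtle.ConstantTimeCompare(want[:], got[:]) != 1 || !ok {
		return Denied
	} else if !g.knownIPs[user][ip] {
		return NeedsConf
	}
	return Allowed
}

// Confirm records an IP the user approved out of band (Telegram in the OP's
// setup; here a direct call stands in for that step). Unknown users are ignored.
func (g *Guard) Confirm(user, ip string) {
	g.mu.Lock()
	defer g.mu.Unlock()
	if ips, ok := g.knownIPs[user]; ok {
		ips[ip] = true
	}
}
```

Plain SHA-256 is used only to get fixed-length digests for the constant-time compare, which is acceptable for operator-issued high-entropy secrets; for user-chosen passwords a slow KDF such as bcrypt belongs in `NewGuard` and `Check` instead.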
Comments:
ptman:
cameronjerrellnewton: Put it behind a suitable reverse proxy? Like Apache with SSO (e.g. mod_mellon).
Kimau: Is this accessible from the public Internet, or is it internal intranet only? If it's private, how about just doing it by MAC address? I assume your company has AD credential-based logins for their workstations already; let them handle the auth. If not, then a third party is probably easiest; most have free plans for that few users. My go-to is Auth0.
cameronjerrellnewton: Remote, open internet. Potentially needs to be accessed from a new machine or phone.
Common use case is for remote IoT prototypes or experiments.
Kimau: Well then, don't think lightweight and don't think back office. If you are opening up a channel to the back office and it's going to be accessible on the public web, you need to lock it down just as tightly as you would anything else.
ChristophBerger: I'm not being lightweight in security terms. I mean that 90% of the functionality of a user management security system is around user management, forgotten passwords, ease of use, etc.
I mean secure and a small code footprint or low dependency graph, because that's easier to maintain in a secure fashion. For when a dev is developing new tool X and needs a lib or toolset to use for remote access, I can say: okay, we have Y, use that.
If the IoT devices are capable enough to do OAuth, would they also be able to connect to a Virtual Private Network? With a VPN, you'd have a security layer beneath all of the application-level protocols, which means fewer dependencies for the devs.
