Login security

Posted on Thu 17th, April 2014

• #1

gito.nirmolo

I would prefer that there is a simple login process before entering Espruino command prompt, so not everyone can script the code. I'd like to know how I do best implement that whether using javascript code or should be modifying low level c source code.
• #2

Gordon
The best method is probably to modify the C source code (the console is handled in jsinteractive.c), however you could do it in JavaScript:
- Setup Serial5, and then explicitly set its pins back to read mode with digitalRead
- Move the console to another serial port with Serial5.setConsole
- Write your own handler for USB data with USB.onData, and when the correct password is entered, swap the console back.
What are you using it for that requires it to be locked down?

I haven't bothered that much with security because honestly, if someone's got the box open and can plug USB in, they could probably attach a JTAG/SWD programmer/debugger and reprogram the chip/read its contents, or could reboot it into bootloader mode.
• #3

Loop

If you can afford something simplier, I would adapt http://www.espruino.com/Single+Button+Combination+Lock - It's just security trough obscurity, but a lot easier to implement (reenable the console when the right sequence has been pushed)
I agree with Gordon about not bothering much with security anyway, I don't think password protecting the console would be generally useful.
• #4

Gordon

It might be a good idea for me to have an example of locking Espruino down anyway I guess.

I had plans for a 'loopback' device for the console, which would make implementing this kind of thing a lot cleaner, and would also allow people to do things like attaching a keyboard to Espruino :)
• #5

Loop

+1 for the keyboard! Were you thinking ps/2 or usb?
• #6

Gordon

@Loop PS/2 most likely, but the idea is more that you write your own keyboard input/graphics output.

Currently it can be done but you need to use 2 serial ports (one to direct the console to, and another to read the console data back with).

Here it would help because you could direct the console to it (without a handler) and then the console is in some kind of no-mans-land where nobody can access it.
• #7

gito.nirmolo

Thanks Gordon and Loop for tips. My app is for wireless / remote programming, so that’s why I am thinking about need for security. Refer to http://forum.espruino.com/conversations/1104/, I finally will do , just monitoring and filtering on messages that flow in another receiving port that the board communicates with outside ( not in console port as I though before, and leave console port as it is).

Post a reply
- Bold
- Italics
- Link
- Image
- List
- Quote
- code
- Preview
Formatting Help

Don't worry about formatting, just type in the text and we'll take care of making sense of it. We will auto-convert links, and if you put asterisks around words we will make them bold.

Tips:

Create headers by underlining text with ==== or ----

To *italicise* text put one asterisk each side of the word

To **bold** text put two asterisks each side of the word

Embed images by entering:
![](https://www.google.co.uk/images/srpr/logo4w.png)
That's the hard one: exclamation, square brackets and then the URL to the image in brackets.

* Create lists by starting lines with asterisks

1. Create numbered lists by starting lines with a number and a dot

> Quote text by starting lines with >

Mention another user by @username

For syntax highlighting, surround the code block with three backticks:

```
Your code goes here
```
Just like Github, a blank line must precede a code block.

If you upload more than 5 files we will display all attachments as thumbnails.

For a full reference visit the Markdown syntax.

Login security

About

Login security

Actions

Login security

Formatting Help

About

Login security

Actions

Espruino