Recent content by lettersnumbers_-

Check here for fixing users/permissions.

I finished my enclosure. Now I just need the fridge. I'm gonna go with a side by side and use the right for fermenting, then later on add another arduino to control the freezer and turn it into a kegerator. At least that's the plan.

The names of the pages might certainly be confusing right now. The original page was index.php. Fuzzewuzze's original private page is index.php and he made a public page called something else. My private page is control.php and public page is index.php. I would check your .htaccess file...

Nah, I unplugged the Arduino at some point.

Mine is currently not hooked up to a fermentation chamber or any beer. I'm fine with it, just let me know what you're trying so I can try and figure out how to secure it!

redacted

Great job, gezzanet. I just finished up my arduino sheild this morning. I love the ministereo solution! I'm going to steal that for my enclosure. Don't you need switches on those outlets in Australia? Have a Tim Tam for me.

Hmm.. My .htaccess solution seems to have a problem. It makes it impossible to save new or modified beer profiles... Removing save-beer-profiles from the .htaccess seems to fix it.

I don't really see the point. With SSH and FTP you can do everything you want without a gui. I don't really want a gui for my raspberry pi, at least not this one. If, however you do, want a gui without hooking up keyboard/mouse/monitor, look into this instead. I'd rather have one more piece of...

I haven't had my raspberry pi ever lock up, but I haven't kept it on for more than a day straight so far. However, this looks like an easy hardware based solution to auto reboot your pi if it gets hung up. Seems like a no brainer, right?

Improvements on the public and private brewpi pages Disclaimer: I am by no means an expert at this, and am not very confident that this is extremely secure. If you expose your brewpi to the internet at all there is a risk that someone else will be able to control it, potentially controlling...

So that should close off access to the php pages, but what about the javascript? Is there any reason to protect those? I'm not really clear on what can be done by accessing them, or how one would access them directly.

I see a couple improvements on this, which I've tested and seem to work. In the second filesmatch, you can use regular expressions to save a bit of typing. I've also removed previous_beers, as I want public access to that, and I think that's safe. you have a typo in save_beer_profile as well...

Let's talk web security! I'm nearly done with my modifications, but think there's still some room for improvement on the security front. I'm planning to do a write up of the changes I made in case they help anyone else, although to someone with more web experience than me, I haven't really done...

Thank you, MongooseMan. That was actually the first thing I tried, but I must not have copied the file over correctly...