+- Logic Machine Forum (https://forum.logicmachine.net)
+-- Forum: LogicMachine eco-system (https://forum.logicmachine.net/forumdisplay.php?fid=1)
+--- Forum: Visualization (https://forum.logicmachine.net/forumdisplay.php?fid=9)
+--- Thread: WebSocket authentication payload (/showthread.php?tid=5750)
WebSocket authentication payload - rbourgeon - 20.11.2024
Hello,
when I open the visualization page (/scada-vis) and I hit F12 in my web browser to display the requests that are emitted, I noticed a websocket request:
ws://LOGIC_MACHINE_IP/scada-vis/objects/ws?auth=username:xxxxxxxxxxxxxxxxxxxxxxxx
where xxxxxxxxxxxxxxxxxxxxxxxx is a mysterious token that seems to always be the same if the same user revisits the page later (firmware is 20211215).
How is this token calculated? Can you ensure me that anyone won't be able to compute back the user's password from this token?
RE: WebSocket authentication payload - admin - 20.11.2024
It's a one-way hash that cannot be decoded directly, only via brute force. This mechanism is deprecated and is not used in the 2024 firmware.
If you want secure access then HTTPS should be used.