Securing Passwords

[jwiesel]

Hi @meatpiHQ ,
thanks for providing your great devices and open source firmware!

Working with it for a bit now I realized that passwords are not protected in the current (4.04) firmware.

1. User interface: The passwords (e.g. WiFi, MQTT, battery alert) are shown as normal text fields () instead of passwords (<input type=password)
2. API: The /check_status endpoint contains the passwords in free text as well. It would be great to
   a. either remove / redact them from the api-endpoints
   b. or add a feature to enable authentication (e.g. HTTP-based with username + password) when accessing the config data

[meatpiHQ]

Hey @jwiesel Thanks for the suggestions.

User interface: The passwords (e.g. WiFi, MQTT, battery alert) are shown as normal text fields () instead of passwords (<input type=password)

I'll include this in the next release.

API: The /check_status endpoint contains the passwords in free text as well. It would be great to
a. either remove / redact them from the api-endpoints
b. or add a feature to enable authentication (e.g. HTTP-based with username + password) when accessing the config data

I'll have to look into the best way to go about it.

[jwiesel]

Thanks a lot!