Data Insertion Protection?
#1

[eluser]jamgood96[/eluser]
I'm currently working on a website that displays electrical usage data for a project our company is working on. For the actual data collection I'm using an Arduino that is tied to the internet. I currently have it do a GET request to a function in one of my controllers. This controller then inserts the info into a MySQL database via the proper model. This works fine, but this seems insecure. The Arduino is really limited to just doing a GET or POST request, so I don't know what my options are. Do I have the function require a password prior to allowing submission into the database, then just have the Arduino supply the proper one?

Thanks in advance!
#2

[eluser]InsiteFX[/eluser]
CodeIgniter Users Guide - Security Class
#3

[eluser]jamgood96[/eluser]
[quote author="InsiteFX" date="1340929728"]CodeIgniter Users Guide - Security Class
[/quote]

I'm aware of those techniques, however they seem to be more related to filtering data after it's been posted. I want to limit the ability to post, otherwise any joe-blow could post info and it would end up in my database. Does that make sense? I feel I'm not completely conveying what I need, but not quite sure how to word it differently.

Thanks!

James
#4

[eluser]Samus[/eluser]
Set up a login system then?
#5

[eluser]jamgood96[/eluser]
There's a basic login for viewing the monitoring system, but as far as the micro-controller (Arduino) it's only able to do very basic HTML functions, and post/get is one of those.

Right now I have a controller set up to take a post request and insert that data into the database. The Arduino sends a basic HTML request with the proper header to this controller and posts the data (i.e. power or energy consumption). This then gets processed and inserted into the MySQL database.

So you can see a login for the Arduino to post info won't work. Does it do me any good for the controller to require a specific passphrase be posted along with the data? That way the Arduino can post the data and the passphrase. Does this provide any real security?

Thanks!
#6

[eluser]vitoco[/eluser]
I think that if you only have the ability to send data, you can first "uglify" the URL as much as possible ( c0239402348023/m9827342349/0283490283094/.../ ), and second, send a unique hash or several unique non-human-readable params from every "valid user" (in this case the Arduino) to validate it. Also, you can check the IP of the request. Not an infallible solution, but it makes it more difficult.

Saludos
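
The "unique hash" idea from the last post, sketched as an added example that is not part of the original thread or of CodeIgniter: the device signs each reading with a shared secret using HMAC-SHA256, and the server recomputes the signature before inserting anything. The field names (`device`, `watts`, `seq`, `sig`), the device id, the secret and the per-device counter used to reject replays are all assumptions made for illustration.

```php
<?php
// Added example, not from the thread. Field names, device id and secret are assumptions.
const DEVICE_SECRETS = ['meter-01' => 'constructed-demo-secret'];

// Both sides compute the same HMAC; the secret itself never travels with the request.
function sign_reading(string $secret, string $device, string $watts, string $seq): string
{
    return hash_hmac('sha256', $device . '|' . $watts . '|' . $seq, $secret);
}

// $lastSeq is the highest counter already stored for this device (0 if none).
function verify_reading(array $post, int $lastSeq): bool
{
    foreach (['device', 'watts', 'seq', 'sig'] as $field) {
        if (!isset($post[$field]) || !is_string($post[$field])) {
            return false;
        }
    }
    $secret = DEVICE_SECRETS[$post['device']] ?? null;
    if ($secret === null || !is_numeric($post['watts']) || !ctype_digit($post['seq'])) {
        return false;
    }
    if ((int) $post['seq'] <= $lastSeq) {
        return false; // replayed or out-of-order request
    }
    $expected = sign_reading($secret, $post['device'], $post['watts'], $post['seq']);
    return hash_equals($expected, $post['sig']); // constant-time comparison
}

// Constructed sample requests.
$good = ['device' => 'meter-01', 'watts' => '1234.5', 'seq' => '42'];
$good['sig'] = sign_reading(DEVICE_SECRETS['meter-01'], 'meter-01', '1234.5', '42');
$tampered = array_merge($good, ['watts' => '1.0']);   // value changed, old signature
$unsigned = ['device' => 'meter-01', 'watts' => '9999', 'seq' => '43', 'sig' => 'guess'];

var_dump(verify_reading($good, 41));      // fresh, correctly signed
var_dump(verify_reading($good, 42));      // same request sent again
var_dump(verify_reading($tampered, 41));
var_dump(verify_reading($unsigned, 41));
```

In the controller, insert the row and store the new counter only when `verify_reading()` returns true.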