[PLUG] Add gmail like security enhancements to rainloop?

Michael Christopher Robinson michael at robinson-west.com
Tue Feb 12 08:25:28 UTC 2019


So SMS isn't that secure...  I figured as much.  I'm thinking I can
inexpensively add GPS equipment to Linux laptops and desktops so that
in theory I should be able to send my GPS coordinates to the server.
If the server receives acceptable GPS coordinates and a valid client
identifier from the client securely...  that can be the trigger to
allow access to rainloop and effectively thwart dictionary attackers. 
There are Android and iOS apps that allow ssh, but I'm wanting scp and
scp only I think.  Can JavaScript trigger a secure data exchange
between the client and the server?  How do I dynamically program Apache
to only allow pre-authorized source IP addresses to access rainloop?
The IP list should self prune within reason because the trusted client
devices are not always using the same IP address.  When you try to go
to https://goose.robinson-west.com, you should either get an identify
yourself page or rainloop depending on whether or not I trust you yet. 
I'm thinking the identify yourself page needs to get you the client to
send the GPS coordinates and the secret key if you have it in a
secure manner.  If the secret key matches for an accepted device and
the GPS coordinates land in an acceptable geographic region for that
device, you are golden.  Whether I need a special security service that
I write or I need ECMAScript is not clear.

I envision a server having a range of GPS coordinates it can accept,
and a list of 256 digit numbers it trusts.  For example, I know I'm
going to be inside the US, so I allow GPS coordinates that land within
US territory.  Not sure how to accomplish this though...  If I choose
to travel to Canada, how do I allow for that???

Of primary importance is getting a pre determined client identifier
from client to server securely, I can always add on GPS coordinates
later.

With Apache the common thing is to allow all clients or require all
granted I believe.  I want something like require all listed or
redirect all not listed instead.

   -- Michael C. Robinson
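
The server-side check described in the message above, as an added example that is not part of the original post: a presented secret is matched against stored hashes, the reported position is tested against per-device bounding boxes, and a successful check puts the source IP on an allowlist whose entries expire. All names, the sample secret, the bounding box and the one-hour lifetime are assumptions; the coordinates are whatever the client reports, and the exchange is assumed to run over HTTPS.

```python
import hashlib
import hmac
import time

# Constructed sample data: one trusted device, keyed by the SHA-256 of its
# secret, with rough bounding boxes (lat_min, lat_max, lon_min, lon_max).
SAMPLE_SECRET = "a3" * 32  # constructed 256-bit identifier, 64 hex characters
TRUSTED = {
    hashlib.sha256(SAMPLE_SECRET.encode()).hexdigest(): {
        "name": "laptop-1",  # hypothetical device name
        "boxes": [(24.5, 49.4, -125.0, -66.9)],  # approximate contiguous US
    }
}
ALLOW_TTL = 3600  # assumed: seconds an IP stays trusted after a good check


class Allowlist:
    """Source-IP allowlist whose entries expire, so the list prunes itself."""

    def __init__(self, ttl=ALLOW_TTL):
        self.ttl = ttl
        self.expires = {}  # ip -> unix time at which trust lapses

    def grant(self, ip, now=None):
        now = time.time() if now is None else now
        self.expires[ip] = now + self.ttl

    def is_allowed(self, ip, now=None):
        now = time.time() if now is None else now
        # Drop lapsed entries before answering.
        self.expires = {k: v for k, v in self.expires.items() if v > now}
        return ip in self.expires


def find_device(secret):
    """Return the device record for a presented secret, or None."""
    digest = hashlib.sha256(secret.encode()).hexdigest()
    match = None
    for known, device in TRUSTED.items():
        # compare_digest does not leak how many leading characters matched
        if hmac.compare_digest(digest, known):
            match = device
    return match


def identify(allowlist, ip, secret, lat, lon, now=None):
    """Grant the IP if the secret is known and the reported position is in range."""
    device = find_device(secret)
    if device is None:
        return False
    in_region = any(a <= lat <= b and c <= lon <= d for a, b, c, d in device["boxes"])
    if in_region:
        allowlist.grant(ip, now)
    return in_region
```

Travel outside the usual region is handled here by appending another box to that device's `boxes` list; the web server then only needs to ask `is_allowed` for each source IP and redirect to the identification page when it returns false.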



