Hi.
I'm trying to create a PIN authentication to authorise a button press. For example, if you press the SHUT DOWN button, a pop-up would ask for a PIN code; if the PIN is correct it would proceed with the flow. As a step two I would like to store the PINs with user names, and store the user name assigned to the PIN as an audit trail to see who pressed the button.
Are there any examples out there for this for Dashboard 2?
First thing to do is break your project into its separate tasks, so let me ask you a couple of questions.
- Will each person have an assigned PIN?
- If so, where will you store this authorization data?
- how will you add/update/delete people in that data pool?
- will people have the ability to issue all commands or only some of the commands? This will have to be added to each person's authorization record.
- what will you do if someone uses the wrong pin?
- will you send out an alert to someone?
- how many tries will they have?
- will you lock them out if they fail N number of times?
- Will a lock out occur if they exceed the limit at one time point or over any number of days?
- Will someone be notified if a lockout occurs, if so how will they be notified?
This is my short, and probably not complete, breakdown of your question but you will probably think of more things when you analyze your goals.
One idea would be if someone presses a command, take them to another window with a ui-form that requires them to enter their name and PIN, and when they press a submit button you can validate them or sound an alarm....
In addition to Paul's comments.
You MUST make sure that comms between Dashboard (the user) and Node-RED are using HTTPS to ensure that the traffic for the authorisation cannot be intercepted.
Also, you MUST do the authorisation on the server (Node-RED) and not in the Dashboard client. That's because it is, at least theoretically, possible for the client-side code to be altered and to bypass any authorisation you put there.
Thanks for the detailed reply.
The application is far from a security application. The only thing I need is to get a PIN code confirmation after they press the button so
1. it cannot be pressed accidentally
2. only a few people can approve it (like 5-10)
Yes, each person would have an assigned PIN; I was thinking of using a random generator to give them a PIN.
If they don't have a PIN I would just generate a pop-up text saying you have no right to execute this, and they would only have 3 tries and would time out for 5 minutes.
The main thing here is that if somebody presses the shut down button it won't happen without a confirmation, but as I said it is more to avoid accidental action than security.
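
As an added example (not code from any poster in this thread): a server-side check of the kind discussed above, combining the three-try, five-minute lockout with one audit entry per attempt. It is plain Node.js that could be adapted for the Node-RED side of the flow; the function names, the record layout and the name-plus-PIN form input are assumptions made for illustration.

```javascript
// Added example: server-side PIN check with lockout and audit trail.
const crypto = require("crypto");

const MAX_TRIES = 3;              // from the thread: three attempts
const LOCKOUT_MS = 5 * 60 * 1000; // from the thread: five-minute time-out

// Store only a salted scrypt hash of each PIN, never the PIN itself.
function hashPin(pin, salt) {
  return crypto.scryptSync(String(pin), salt, 32);
}

// Hypothetical record layout for one authorised person.
function makeUser(name, pin) {
  const salt = crypto.randomBytes(16);
  return { name, salt, hash: hashPin(pin, salt), fails: 0, lockedUntil: 0 };
}

// users: Map of name -> record; audit: array that receives one entry per attempt.
// Returns "ok", "denied" or "locked". `now` is injectable so the logic can be tested.
function authorise(users, audit, name, pin, action, now = Date.now()) {
  const user = users.get(name);
  let result;
  if (!user) {
    result = "denied";                       // unknown name
  } else if (now < user.lockedUntil) {
    result = "locked";                       // even a correct PIN is refused
  } else if (crypto.timingSafeEqual(hashPin(pin, user.salt), user.hash)) {
    user.fails = 0;
    result = "ok";
  } else {
    user.fails += 1;
    result = "denied";
    if (user.fails >= MAX_TRIES) {           // third wrong PIN starts the lockout
      user.fails = 0;
      user.lockedUntil = now + LOCKOUT_MS;
      result = "locked";
    }
  }
  // Audit every attempt, successful or not, with who asked for which action.
  audit.push({ time: new Date(now).toISOString(), name, action, result });
  return result;
}
```

Only the returned result should be sent back to the Dashboard; the user records and the audit array stay on the server and would need persistent storage to survive a restart.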