I don’t find any button to log out of the DietPi Dashboard web interface. So anyone can shut down/restart or kill services from a computer which was recently logged in?! Should this be like this??
Thanks in advance for clarification.
Is there someone who has access to your computer who would do something like this? Did you try to close your browser completely? Does it require a password again once you start a new browser session?
Is there someone who has access to your computer who would do something like this?
Security by obscurity?
The question is “why” is there no option to logout?
I’ve tested it just now:
If I only close the browser window, the session is still open (no password required).
If I close the browser completely, the session is also open after the restart of the browser (no password required).
That seems to be not very secure…
I’ve uninstalled the dashboard again (the 3rd time). I hope there will be a possibility to log out in the future, because the dashboard is actually very cool…
Please could you raise your issue at the developer’s GitHub? https://github.com/ravenclaw900/DietPi-Dashboard/issues
This way he could have a look.
There is an entry in the config to set an expire time for the token (in seconds):
I set it to 0 and also tried some other values, but it didn’t work for me. I will also make a report on GitHub.
So yes, it’s not very secure, but on the other hand there is info on the DietPi software webpage, which suggests it’s still in beta and not recommended to use on sensitive production systems yet.
Well, to do some damage, someone would need to get access to your computer where you already had opened the Dashboard before. As long as you are not in an open space environment, it should be fine until a fix becomes available.
Edit: Issue has been opened https://github.com/ravenclaw900/DietPi-Dashboard/issues/185