Is it possible to manage a crypted password in a plugin, in a variable or elsewhere ?
The user should enter this password to get access to certain features; of course he could update it. And this password must not be easily readable.
No, there’s no support for this yet. I thought about this too. The solution I chose was to store the PIN code in memory, which of course, it’s lost when Luup is restarted. Other solution is to let the user choose where to store his password and let him know about the security implications of storing the password in a variable.
In my case, it is not only a PIN code to enter without checking, I would need a real password checking and management.
So, I will forget the password/PIN code.
Either I suppress the disarm button, or I add an option the user must check to have access to the disarm button but in this last case, this is not really more secure as it can be changed by someone having an access to the Vera UI (locally or remotely).
And what about the idea of defining manually a new OS user from a root connection to the Vera and then in the plugin checking the authentification with this user (using an execute command) ?
I don’t think that OpenWRT was made to be multi-user: OpenWrt Forum Archive