JS library modifications about coova-chilli HOT 6 CLOSED

Good work! Personally i think that the concept of showing the captive portal by redirection is bad (the host where coova-chilli is running must have a trusted certificate to work with SSL and most mobile browsers does not allow to accept a no-trusted certificate..). So i think to develop something like a mobile app that replaces the captive portal (starting from CoovaAX for example..).

from coova-chilli.

@PINKRA, not sure if you got the way I've implemented this. Take a look, hotspot.example.com is resolved 10.1.0.1 and has a valid certificate from startssl.com. You see, now warnings from the browser.

As public wireless networks are usually not encrypted this is the only way to protect usernames and passwords from being sniffed.

UPD: to be clear, it's impossible to put https on you main portal without these modifications because it leads to loading unsecured content on a secured page and browsers rise warnings about this. So once you set up https on your login pages (and if not – username and password are transferred unencrypted over unprotected wi-fi network) you have to set up https for all the coova sources stored on the hotstop as well.

from coova-chilli.

Yes, my previous considerations were generic and not referred to your specific work that i appreciate. I suggest you to make a pull request for your fixes.

from coova-chilli.

Perfect, so I'll make a single pull request for all the mentioned things a bit later. I'll also make PAP passwords optional.

from coova-chilli.

Can this ticket be closed?

from coova-chilli.

Yep, sorry, no time for PAP support, I'll make a pull request if I'll find time for it.

from coova-chilli.