VSCP Daemon websocket server security
The websocket interface is protected by a user/password pair. The username is sent a digest over the net but the password is a hash over “username:authdomain|raltext-password”.1)
I addition to the username/password which also groups users in security levels it is possible to have table where the hosts allowed to connect to the system is stored.
In addition to this SSL can be enabled on the interface.
Also a privilege based system is used to protect critical functionality. A user need a specific privilege to send an event for example and can be set up to be allowed just to send a limited set of events. Also a filter on incoming events is possible to set up to limit what a user can receive.
There is also a privilege system for the websocket interface just as it is for the TCP/IP interface
|CLRQUEUE||1||Clear input queue|
|CREATEVAR||6||Create a new variable|
|RESETVAR||6||Reset variable to default value|
|REMOVEVAR||6||Remove (delete) variable|
|LENGTHVAR||4||Get length of variable|
|LASTCHANGEVAR||4||Get last change date + time for variable|
|Send event||6||Send event|
|Read event||0||Read event|
Put together this makes the VSCP Daemon one of the safest systems to use for remote maintenance of IoT/m2m systems.