nabsul/kcert

Feature Request | Protect Kcert UI

tkaur6494 opened this issue · 2 comments

Hi, as of now the Kcert UI is pretty much open and contains no auth security; anyone can renew certs and view configurations. This is a feature request to implement basic auth to protect against anyone accessing and renewing certs from the UI.

I will be shipping a switch to make the UI read-only: #29

As for basic auth, I don't think this is necessary, but you bring up a good point about this: KCert's admin UI should be on a different port that is never exposed to the outside world.

So this is my proposal: Move the admin UI to port 8080. No basic auth is needed since this port will never be exposed to the outside world. Port 80 is currently only exposed to the outside world temporarily, while an HTTP challenge is in progress.

@nabsul That makes sense. Thanks for pointing that out. Closing this request.
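
The proposal above relies on port 8080 never being reachable from outside the cluster. The following is an added example, not part of the thread or of KCert's own code: a check over Service and Ingress objects (shaped like `kubectl get svc,ingress -A -o json` items) that flags anything routing external traffic to the admin port. The object names, the `kcert` namespace and the sample data are constructed assumptions.

```python
ADMIN_PORT = 8080  # admin UI port proposed in the thread

def svc(name, typ, ports):
    """Constructed Service object (same shape as `kubectl get svc -o json`)."""
    return {"kind": "Service", "metadata": {"namespace": "kcert", "name": name},
            "spec": {"type": typ, "ports": ports}}

def ing(name, backend_svc, port):
    backend = {"service": {"name": backend_svc, "port": port}}
    return {"kind": "Ingress", "metadata": {"namespace": "kcert", "name": name},
            "spec": {"rules": [{"http": {"paths": [{"backend": backend}]}}]}}

# Constructed sample; all names and the "kcert" namespace are assumptions.
SAMPLE = [
    svc("kcert", "ClusterIP", [{"name": "http", "port": 80, "targetPort": 80},
                               {"name": "admin", "port": 8080, "targetPort": 8080}]),
    svc("kcert-debug", "LoadBalancer", [{"port": 443, "targetPort": 8080}]),
    ing("kcert-challenge", "kcert", {"number": 80}),
    ing("kcert-admin", "kcert", {"name": "admin"}),
]

def admin_ports(service):
    """Service ports that forward to ADMIN_PORT (numeric targetPort only;
    a named targetPort would need the pod spec to resolve)."""
    return [p for p in service["spec"].get("ports", [])
            if p.get("targetPort", p["port"]) == ADMIN_PORT]

def routes_to_admin(service, ref):
    """True if an Ingress backend port reference selects an admin port."""
    return any((ref.get("number") is not None and ref.get("number") == p["port"])
               or (ref.get("name") and ref.get("name") == p.get("name"))
               for p in admin_ports(service))

def audit(items):
    """Return (kind, name, reason) for each object exposing the admin port."""
    services = {(i["metadata"]["namespace"], i["metadata"]["name"]): i
                for i in items if i["kind"] == "Service"}
    findings = []
    for (_, name), s in services.items():
        kind = s["spec"].get("type", "ClusterIP")
        if kind in ("NodePort", "LoadBalancer") and admin_ports(s):
            findings.append(("Service", name, kind))
    for i in (x for x in items if x["kind"] == "Ingress"):
        for rule in i["spec"].get("rules", []):
            for path in rule.get("http", {}).get("paths", []):
                b = path["backend"].get("service", {})
                s = services.get((i["metadata"]["namespace"], b.get("name")))
                if s and routes_to_admin(s, b.get("port", {})):
                    findings.append(("Ingress", i["metadata"]["name"], f"backend {b['name']}"))
    return findings
```

A ClusterIP Service that lists port 8080 is not flagged on its own; it becomes a finding only when an Ingress backend or an externally reachable Service type points at it.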