Disable Username / Password for local network requests

[techstacy]

I would be nice to have username and password enabled for remote security and then to have an option (checkbox) to not require login for local subnet connections.

[shypike]

Yeah, we've looked at that.
The biggest challenge is finding out what the netmask is for the active network adapter.
There is simply no method that is both portable and reliable.
(Well, I could not find it anyway)

[Eejit]

Would one way to do this be to use different templates? Well one designated remote connections and one designated local subnet, then depending on which one was accessed, have the username & paswword or not.
I don't know if this is possible, but SAB already has a secondary web interface. Could something be done with that?

[shypike]

Doesn't really change the basic problem.
Besides, the only distinction between the two skins is the end part of the URL.
That's not a reliable basis for the distinction.
Like I said, we're looking at it, but there are no shortcuts that wouldn't compromise security.

[underwhere]

Would it be possible to enable a user name and password only for the ssl portion and leave the non-ssl open?

[shypike]

Not with the current web server framework we're using.
It's one of these long-term things that are useful but for which we
usually decide that the effort exceeds the benefits.
We'll look at it again for release 0.8.0, which will have an upgraded framework.

[pushnoi]

2 years later... has this been implemented?

[shypike]

No, because we're only now preparing 0.8.0 for release.
It doesn't look like the framework has become more friendly towards implementation.

BTW: requiring no login over http and login over https is not feasible.
There's no way to stop people from using http.