Member Avatar for Hummdis

I'm using Python and the Python CGI module to do some web development for a system's administrative access page.

The problem I have is that the current features allow you to reboot the system, power off the system and stop/start/restart system services. The system is very limited in what's running (no PHP, Apache, MySQL, etc), but the system does have Python.

My question is that when you click on the power off or reboot links, the system does it immediately. What I'd like the ability to do is require the user to re-enter the administrative password before the command is actually sent to the system.

The user did have to enter the 'admin' password in order to get to this page, but for added security I'd like to implement the ability to prompt again.

Does anyone have any suggestions for how could go about doing this?

  • 3 Contributors
  • 5 Replies
  • 369 Views
  • 2 Days Discussion Span
  • Latest Post Latest Post by Hummdis
Member Avatar for jcao219

The user did have to enter the 'admin' password in order to get to this page,

How did that work?

Member Avatar for Hummdis

How did that work?

Standard Python CGI module. However, that requires a web form. I'd like to prompt the user if possible, such as a Javascript popup, but then there's the problem with getting the input from Javascript into Python to finish the rest of the work.

Member Avatar for Insomaniacal

Couldn't you have the javascript encode the password in whatever encryption you want (SHA2/MD5/Whatever), and put that hash in a txt file in a secure area of the server?

Then have a python thread constantly check that file for data. If it finds any, it checks if it's the correct hash.

Now, you have another function (Shutdown), that turns off the computer. It constantly checks a variable, shutdown1. Initially, it equals 0, but that thread will set it to 1 if the correct hash is used. If the variable is set to 1, the program continues on to shutting down the computer.

It might be kinda messy, but it should work with some work.

Member Avatar for Hummdis

Couldn't you have the javascript encode the password in whatever encryption you want (SHA2/MD5/Whatever), and put that hash in a txt file in a secure area of the server?

Then have a python thread constantly check that file for data. If it finds any, it checks if it's the correct hash.

Now, you have another function (Shutdown), that turns off the computer. It constantly checks a variable, shutdown1. Initially, it equals 0, but that thread will set it to 1 if the correct hash is used. If the variable is set to 1, the program continues on to shutting down the computer.

It might be kinda messy, but it should work with some work.

That's actually the route that I started to take before I thought that someone here may know of an easier way. I tend to do things more complicated than needed and I was hoping to save myself on this one.

I was also hoping that someone new of a 3rd party Python library that I could install into the OS itself that's not bloated.

This same thing can be done with PHP, but that adds another 20MB to the OS that's used for only one purpose. Since the same can be done with some Javascript and Python, which already exist.

Thank you for the idea though. Does anyone else have any others?

Member Avatar for Hummdis

Well, as it turns out, Insomaniacal was right. The only way to do this is to link to a confirmation page that requests the required information before processing the command.

Thanks for the replies though!

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.