Password protected sacredboard

[Gonzalo933]

Hello,

I want to start using sacredboard in my own server so I don't have to launch it everyday in my laptop and I would just need to open a URL. The thing is that this URL is public and anyone could delete or see my experiments.
I think an interesting feature to add will be a password input screen before showing the actual sacredboard, this password could either be stored in a file, in the DB or set with the command line options.

[chovanecm]

Hola,

if I understand it correctly you want to have Sacredboard running on a public server while preventing other users than you from accessing it.

If I added a password screen, I would also have to add support for encryption (HTTPS), because the password you would enter would travel over the Internet in plain text otherwise and anybody could intercept it.

While the above-mentioned option is possible, I think it might be easier for you to run a reverse proxy on your server, which would

• enforce HTTPS for incoming requests
• authenticate the user (e.g. with username and password, HTTP Basic Auth)
• forward HTTP requests of authorised users to Sacredboard, which would be running on the same server, but instead of listening on all IP addresses, it would only listen on localhost. I can add a command-line option that would specify which IP address Sacredboard should listen on (and you could use 127.0.0.1 for local-only connections)

Does it make sense? :)