Subject: Feature Request: Separate Passwords for Web-Visu and Web Client (Security Breach in
EasySoft 8.32 and earlier)
Message:
Hello everyone,
I am a regular user of the easyE4 controller and would like to submit a formal feature request
regarding the user management of the integrated web server.
Current issue:
In the latest version of EasySoft (8.32), Web-Visu (operation interface) and the web client
(system diagnostics and configuration) are not decoupled. They share the same authentication
gateway. This means that any user with credentials to operate the machine via Web-Visu also
has the master key to access the web client with many more attributions.
Use Case and Practical Risk:
The municipal drinking water service for treatment with phytosanitary products for farmers.
• The scenario: Farmers need to access Web-Visu from their mobile devices to manage
the water supply without supervision.
• The problem: By providing them with the password for viewing, we also grant them
full access to the web client. They could accidentally or maliciously modify network
settings, IP addresses, or query sensitive system data.
The Request:
I request the implementation of separate passwords for Web-Visu and the web client:
1. Operator level: A dedicated password that only grants access to the visualization and
management of the service (Web-Visu).
2. Administrator Level: A separate password for full access to device settings, data and
diagnostics (Web-Client).
Conclusion:
Currently, there is no way to provide an operator with a password that works for Web-Visu but
is rejected by the web client. For easyE4 to be a truly robust and secure tool for utilities and
decentralized, these two environments must be separated.
Is this upgrade planned for future firmware or software updates?
Best regards,
Agustín.
Thema: Feature Request: Separate Passwords for Web-Visu and Web Client (Gelesen 18 mal)