1. Different ways to secure STM32CubeMonitor
You have a lot of ways to secure your STM32CubeMonitor tool. Each one of these secured way is easy to set up :
- Secure your flow : create accounts with different permissions to modify the flow
- Secure your dashboard : create an account to regulate access to the flow
- Prevent any machine different from the host one to see your STM32CubeMonitor tool
2. How to secure my flow ?
You can add a login and a password to your STM32CubeMonitor tool. This authentication will prevent non-logged users to modify and deploy your flow. Nevertheless, they will be able to go in dashboard mode and start the acquisition.
To secure your flow, go in the ~/STMicroelectronics/stm32cubemonitor folder. Open the settings.js file and uncomment the adminAuth block. Then, open a command line window and enter the following command line :
- Generate a password :
- node -e "console.log(require('bcryptjs').hashSync(process.argv[1], 8));" <myPasswd>
Type your password in the password field and copy/paste the hashed password. In the settings.js file, choose the username, and replace the default password by your new password. Finally, you can choose between two permissions :
- * : the user will be able to do whatever he wants on the flow.
- read : the user will only be able to see the flow configuration an switch in dashboard view but not to deploy. This is a "read-only" mode.
The "default" key will give the "read" permission to any user, even the non-logged ones.
adminAuth: {
type: "credentials",
users: [{
username: "admin",
password: "$2b$08$jLZtZBM8ySdwPGpbGsDaE.kZagU4cetH5c7QPhspaOJ60QSOahaoa", //password : admin
permissions: "*"
},
{
username: "user",
password: "$2b$08$f1pbalRjiHDBjOoPJ3fsmO6caEvFwGmbh0kFsTMmHuSkM6Z/BT8O.", //password : user
permissions: "read"
}],
default: {
permissions: "read"
}
},
Your tool is now secured you'll need an authentication to deploy your flow.
To go further see the node-red page on how to secure a node-red flow.
3. How to secure my dashboard ?
You can add a login and a password in order to access to the dashboard window. The connection will be done after the click on the "dashboard" button, a popup will display. Thus, a user whitout account to connect on the dashboard will however be able to modify and deploy the flow. You can also combine the flow and the dashboard security.
Like the flow security, to secure your dashboard, go in the ~/STMicroelectronics/stm32cubemonitor folder. Open the settings.js file and uncomment the httpNodeAuth line. You may change the username and generate a new password following the previous method :
- node-red admin hash-pw - if you are using the Node-Red 1.1.0 version
- node-red-admin hash-pw - if you are using an older version
httpNodeAuth: {user:"demo",pass:"$2b$08$50L83HdgJESfdUETL1f2ceyJVhi.Yi77XJ2C/.8rPRZZGTZpR5Zoy"}, //password : demo
To have more information see the node-red page on how to secure a node-red dashboard.
4. How to prevent other machines from connecting to my tool ?
This configuration will prevent someone who knows your IP adress to connect to your STM32CubeMonitor environment.
Go in the ~/STMicroelectronics/stm32cubemonitor folder. Open the settings.js file and uncomment the uiHost line :
uiHost: "127.0.0.1",
Once this line uncommented, nobody will be able to access to your STM32CubeMonitor tool except from the host machine.