From e378fae8912d1bf171c11ba793e6cf3589d8a850 Mon Sep 17 00:00:00 2001
From: CaCO3 <caco3@ruinelli.ch>
Date: Wed, 25 Dec 2024 19:43:00 +0100
Subject: [PATCH] Create Password-Protection.md

---
 docs/Password-Protection.md | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
 create mode 100644 docs/Password-Protection.md

diff --git a/docs/Password-Protection.md b/docs/Password-Protection.md
new file mode 100644
index 0000000..656afd1
--- /dev/null
+++ b/docs/Password-Protection.md
@@ -0,0 +1,16 @@
+# Password Protection of the Web Interface and REST API
+The Web Interface and the REST API can be protected by a password.
+
+To do so, you have to set the username and password in the `wlan.ini` file on the SD-Card.
+Uncomment (remove the leading `;`) and update the two lines with `http_username` and `http_password`
+```
+http_username = "myusername"
+http_password = "mypassword"
+```
+
+!!! Warning
+    This is be a WEAK and INSECURE way to protect the Web Interface and the REST API.
+    There was no audit nor a security review to check the correct implementation of the protection!
+    The password gets transmitted unencrypted (plain text), this means it is very easy to extract it
+    for somebody who has access to your WIFI!
+    USE AT YOUR OWN RISK!