Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Repo info
Activity
Drzony
@drzony
https web server is extremely limited on ESP an not really required for the most part
Hasenradball
@hasenradball
The background is the following I want to send http POST data encrypted or so that cannot be seen in the browser.
Drzony
@drzony
what do you mean by "cannot be seen in the browser"? SSL does not do that
SSL encrypts the data between the browser and the server
you can see the data in the browser and on the server
not in the middle
Hasenradball
@hasenradball
example if I send a password via http POST I can see the POST -> data in the console view of the browser
Drzony
@drzony
you will also see that when sending via https
Hasenradball
@hasenradball
this I mean I want encrypt sensible data in the middle.
or if possible not to see anymore in the browser :-)
Drzony
@drzony
the browser encrypts the data when sending it out, so it will always be visible in the browser
there is no possibility to hide the data from the browser
Hasenradball
@hasenradball
But you mean https is not so good on the ESP, right?
Drzony
@drzony
no
that is the way that SSL works
you cannot do it no matter what server you are using
Hasenradball
@hasenradball
sure I mean the encryption part
Drzony
@drzony
when you enter the password in the browser, then the browser constructs the POST request
Hasenradball
@hasenradball
sure
Drzony
@drzony
so it must know the password
to put it into POST
then it encrypts the data, when sending it
so you cannot hide the password from the browser
it will always be visible in the console
Hasenradball
@hasenradball
No that not what I mean, I want to encrypt it during sending
console I mean the developer area -> F12where you can see the post data and son on...
Drzony
@drzony
yes
you will always see the data there, even when using SSL (i.e. https)
SSL only protects from man-in-the-middle attacks
for example when someone like your ISP wants to see the data
do you want to make ESP directly visible on the internet?
or are you afraid of bad actors in your local network?
Hasenradball
@hasenradball
no I am not afraid :-)
But I want to check out how I will work on the ESP.
Hasenradball
@hasenradball
@drzony and I heard that the https faster than http ist this right?
Drzony
@drzony
no
on ESP one https request takes about 3 seconds
(client one)
the server one will probably be even longer
https = http inside SSL, so it cannot be faster
Drzony
@drzony
@earlephilhower Either way I don't think that @hasenradball really needs https
Considering that most browsers will give warnings about self-signed certificates
and all the fuss with setting up https
Hasenradball
@hasenradball
Thanks for the Info I will have a look at the https examples, but if its not faster than http it is not an benefit for me. :-)
Earle F. Philhower, III
@earlephilhower
HTTP's auth is insanely insecure (plaintext b64!) so using TLS to protect that is generally a good practice (but slow on the 8266). But yes, there's no way to keep the browser itself from knowing the password...that's just kind of silly. Anyway, the examples do show both methods so he should be able to choose accordingly. Good luck!
Hasenradball
@hasenradball
:-)
Drzony
@drzony
@earlephilhower If it's only required for sending passwords, then I would go with encrypting it in JS with some master password. Using TLS without validating server cert (i.e. clicking through self signed warning) is also insecure (third party can trick you into entering password on their server)
Hasenradball
@hasenradball
Hello is it possible to send a post request to the ESP8266Webserver with json-formatted data or has the data always be in the type of x-www-form-urlencoded?
2 replies
Chris Dalby
@moose4621

Hoping for some knowledge from the brains trust here. I have been battling with a problem with the Arduino IDE for several weeks where I cannot upload to a Wemos D1 mini via the usb port, on all three computers, all running Ubuntu 20.04, Arduino 1.8.13, and esp core 3.0.2 but also tried 3.0.0 and 2.7.4 from GitHub.
I have been playing with the Wemos D1 mini's for a few years now and are usually having no trouble uploading via USB. I can upload to AVR boards via USB without problem. It seems specific to the esp8266 based boards.
The fault I get in Arduino is as follows:

Arduino: 1.8.13 (Linux), Board: "LOLIN(WEMOS) D1 R2 & mini, 80 MHz, Flash, Disabled (new aborts on oom), Disabled, All SSL ciphers (most compatible), 32KB cache + 32KB IRAM (balanced), Use pgm_read macros for IRAM/PROGMEM, 4MB (FS:1MB OTA:~1019KB), v2 Lower Memory, Disabled, None, Only Sketch, 115200"

Executable segment sizes:
ICACHE : 32768           - flash instruction cache 
IROM   : 355044          - code in flash         (default or ICACHE_FLASH_ATTR) 
IRAM   : 29385   / 32768 - code in IRAM          (IRAM_ATTR, ISRs...) 
DATA   : 1524  )         - initialized variables (global, static) in RAM/HEAP 
RODATA : 2736  ) / 81920 - constants             (global, static) in RAM/HEAP 
BSS    : 28368 )         - zeroed variables      (global, static) in RAM/HEAP 
Sketch uses 388689 bytes (37%) of program storage space. Maximum is 1044464 bytes.
Global variables use 32628 bytes (39%) of dynamic memory, leaving 49292 bytes for local variables. Maximum is 81920 bytes.
esptool.py v3.0
Serial port /dev/ttyUSB0
Connecting........_____....._____....._____....._____....._____....._____....._____
Traceback (most recent call last):
  File "/home/chris/arduino-1.8.13/hardware/esp8266com/esp8266/tools/upload.py", line 66, in <module>
    esptool.main(cmdline)
  File "/home/chris/arduino-1.8.13/hardware/esp8266com/esp8266/tools/esptool/esptool.py", line 3552, in main
    esp.connect(args.before, args.connect_attempts)
  File "/home/chris/arduino-1.8.13/hardware/esp8266com/esp8266/tools/esptool/esptool.py", line 529, in connect
    raise FatalError('Failed to connect to %s: %s' % (self.CHIP_NAME, last_error))
esptool.FatalError: Failed to connect to ESP8266: Timed out waiting for packet header
esptool.FatalError: Failed to connect to ESP8266: Timed out waiting for packet header



This report would have more information with
"Show verbose output during compilation"
option enabled in File -> Preferences.

It looks like a Python fault, but thats ...errrr.... above my pay grade. ;-)

This is what's weird. If I run a VM Win7 from within the same Ubuntu 20.04, I can upload via USB no problem from the windoze Arduino ide which is running in the VM on the Ubuntu host.

No doubt someone is looking at this and slapping their forehead while muttering "why doesn't he just do ??this", but the solution is not obvious to me. Any help would be appreciated.