Como no proteger las contraseñas de los sitios web

Esta semana he estado configurando un nuevo router, un TP-Link, y había una serie de parámetros de los cuales no me acordaba, así que me he metido en el antiguo router para ver dichos parámetros, una vez que estaba en el antiguo router he estado haciendo unas pequeñas pruebas y trasteando con algunas opciones y me he encontrado con lo siguiente.

 

Como se puede ver la contraseña de autenticación del usuario frente al ISP es visible desde las herramientas de desarrolladores del navegador (en mi caso firefox). Cualquiera con acceso al router podría suplantar la identidad con las credenciales del router.

Bittorrent Sync and how to address mapping on D-Link DSR-500N Router

Right now, I am configuting a Bittorrent Sync network in order to decide if my company should use this service or not.

Bittorrent Sync is similar to Dropbox in the sense that the information will be replicated on each approved computer, the difference is that information doesn't upload to the cloud, it only will be stored in each computer that knows a Secret Key.

I have installed the client in my work computer (Windows) and in a industrial computer that works thanks to Linux. The installation of windows client is very simple, download the installer and run it. The installation of linux client is a bit more complicated but not much. Donwload the tar.gz file for your arch (i386 in my case) then extract files (tar xvzf btsync_i386.tar.gz) and finally run btsync (./btsync).

The windows client has a desktop gui in order to manage your shared folder with the windows system but linux client haven't got it. Linux client has a web gui that you can access it by enter the following URL in your browser:

http://localhost:8888/gui/

Inside my network everybody can access it by enter the following URL in its browser:

http://YOUR_LOCAL_IP:8888/gui/

The problem is that I am behind a DSR-500N router (Only I am behind that router, the rest of worker are connect directly with the company network) so I need map the router IP with the Linux client IP. In order to do that I do the following steps:

Step 1: Click on the Advanced tab and select Firewall Settings > Firewall Rules.

Step 2: Click Add.

Step 3: Create Rule:

From Zone: Insecure (WAN)
To Zone: Secure (LAN)
Service: HTTP
Action: Always Allow

Internal IP address: IP of local machine hosting service
Enable Port Forwarding: unchecked
Translate Port Numbers: Leave Unchecked
External IP address: Dedicated WAN

Step 4: Click Save Settings

And now the rest of worker can access to the web gui of Linux client.