0

I have a web server that will be used to manage the stock of a warehouse in a factory. The web server will be accessed only locally so the clients can update and view the available stock. The server can be accessed by 192.168.0.10/index.html and all clients connected to the local network can view it without https. The stock data are not critical (nothing really bad will happen if someone who enters the local network can view the web server, as he/she can physically see the stock).

Do I need to make the current http connection https? And use certificates between the server and clients in the local environment? Is there any danger besides looking at the stock info?

schroeder
  • 123,438
  • 55
  • 284
  • 319
uzer123
  • 1
  • The short answer is that you need to understand the threat models, and we can't do that for you online. – schroeder Sep 13 '22 at 12:02
  • Are there credentials involved? And is abuse of said credentials possible? How mission critical is it for an user to see information from the real server and not information provided by an attacker? This is some of the information you need to disclose in your improved question. The answer will most likely be yes. – Bruno Rohée Sep 13 '22 at 13:09
  • What do you mean by credentials? Users will not have to use credentials to use the platform if this is the question. Sorry i dont understand this sentence "How mission critical is it for an user to see information from the real server and not information provided by an attacker? " – uzer123 Sep 14 '22 at 07:25

0 Answers0