Added security passkey to modified Traccar API on my system

sacarlson 8 years ago

Hi, I had to add a simple method to secure others from modifying the location of other track devices on our map system. I had people exploiting my map and corrupting tracks due to lack of security within the Traccar API format. To fix this problem I've added one more item in the JSON packet for the tracker client device to send, with the keyword "passkey", for example {"passkey":"asdfasdf"}, added to the other keys in the JSON packet. My API server checks to be sure the ID matches with the passkey value in the DB before the data is added to the database and plotted on the map. At this point only my Android browser client device can support the new added security API stream. I hope at some point that the Traccar client would also add the ability to add the passkey value, to provide others the ability to add security using your Android Traccar client app. At this point, if my site is again compromised by the Traccar app's insecure data, I will be forced to disable Traccar devices on my server due to lack of security. My code is public at https://github.com/sacarlson/Trick_Tracker to check out my code as an example, with the PHP API front end section being https://github.com/sacarlson/Trick_Tracker/blob/master/record_track.php. Thanks and good luck
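The server-side check described in the post above, as an added example that is not part of the original post and is not the Trick_Tracker code: a position is stored only when the packet's "passkey" matches the one registered for its device ID. The field names `id`, `lat` and `lon`, the table layout and the function names are assumptions; only the `passkey` key comes from the post.

```python
import hashlib, hmac, json, os, sqlite3

def hash_passkey(passkey: str, salt: bytes) -> bytes:
    # Store a salted, slow hash so a leaked DB does not reveal usable passkeys.
    return hashlib.pbkdf2_hmac("sha256", passkey.encode(), salt, 100_000)

def open_db() -> sqlite3.Connection:
    # Hypothetical schema: one row per registered device, one per stored position.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE devices (id TEXT PRIMARY KEY, salt BLOB, passkey_hash BLOB)")
    db.execute("CREATE TABLE positions (device_id TEXT, lat REAL, lon REAL)")
    return db

def register_device(db, device_id: str, passkey: str) -> None:
    salt = os.urandom(16)
    db.execute("INSERT INTO devices VALUES (?, ?, ?)",
               (device_id, salt, hash_passkey(passkey, salt)))

def record_track(db, raw_packet: str) -> bool:
    """Insert the position only if the packet's passkey matches its device id."""
    try:
        pkt = json.loads(raw_packet)
        device_id, passkey = str(pkt["id"]), str(pkt["passkey"])
        lat, lon = float(pkt["lat"]), float(pkt["lon"])
    except (ValueError, KeyError, TypeError):
        return False  # malformed packet or missing passkey: reject, store nothing
    row = db.execute("SELECT salt, passkey_hash FROM devices WHERE id = ?",
                     (device_id,)).fetchone()
    # Hash even for unknown ids so both rejection paths do the same work.
    salt, stored = row if row else (b"\0" * 16, b"")
    matches = hmac.compare_digest(hash_passkey(passkey, salt), stored)
    if row is None or not matches:
        return False
    # Parameterized insert: packet values never reach the SQL text.
    db.execute("INSERT INTO positions VALUES (?, ?, ?)", (device_id, lat, lon))
    return True

if __name__ == "__main__":
    db = open_db()
    register_device(db, "dev1", "asdfasdf")  # constructed sample device
    for packet in ('{"id":"dev1","passkey":"asdfasdf","lat":13.75,"lon":100.5}',
                   '{"id":"dev1","passkey":"guess","lat":0,"lon":0}',
                   '{"id":"dev1","lat":0,"lon":0}'):
        print(record_track(db, packet), packet)
```

A passkey sent inside the packet only protects the track if the request travels over TLS; otherwise anyone who can observe the traffic can read and reuse it.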

Anton Tananaev 8 years ago

You are talking about Traccar Client protocol, but Traccar API (which uses authentication).

I agree that it's a good idea to add authentication. The problem is that none of the hardware devices actually use it, so the problem is not only with Traccar Client.

Feel free to send me a pull request if you have a solution.