Authentication

[krazyjakee]

I'd like my Arena instance to be effortlessly protected from prying eyes. Perhaps a configuration option for setting a password? The user would need to enter a password to access the interface.

[wearhere]

Agreed on the use of a password but not sure this needs to be built into Arena? If Arena is mounted into another server that server could be using HTTP Basic Auth or anything you liked.

[krazyjakee]

@wearhere I definitely hear what you're saying regarding the scope of Arena, that's really up to you guys. Basic Auth is perfect for that use case but when using standalone or just spinning up an arena docker container, there's nothing built-in that will protect the interface. I'm just digging the idea of this zero-effort configuration where you just fire up an instance of Arena, use the magical beautiful setup wizard and boom, you're done.

You don't have to convince me otherwise, if this is outside the scope, I will concede :)

[wearhere]

@krazyjakee if you can keep the code small and tightly-scoped (e.g. just Basic Auth, other forms of auth left to the client) I'm not necessarily opposed. Curious where would you store the creds though? Probably blocked on #59 then. Alternatively I suppose you could pass the desired password into the standalone server or the Docker container as an environment variable.

Note that even when running Arena standalone, there are ways to secure it at the network level. For instance, we at Mixmax run Arena without a password, but only accessible from within our VPN.

I can understand that it would be simplest to deploy it without that though, so Basic Auth seems like a decent compromise if you can get the rest of #59 working.