I manually input every expense into a spreadsheet app and use a combination of sumifs functions to track spending. Opening the spreadsheet app, and then the specific spreadsheet, every time that I want to submit an expense is a little clunky.

I'm working on a new project to make that easier. I'm building a simple web app, with a very basic form, into which I will enter one-off expenses. This form will then append those expenses as rows into the budget workbook.

I want to lock down this project; I prefer that I am the only person with the power to wreck my budget. To do that, I'm going to use Cloudflare Access. With Access, I can require a login to reach the page - no server-side changes required.

Except, I don't want to allow logins from any device. For this project, I want to turn my iPhone into the only device that can reach this app. To do that, I'll use Cloudflare Access in combination with an open source toolkit from Cloudflare, cfssl. Together, I can convert my device into a secure key for this application in about 45 minutes.

While this is just one phone and a simple project, a larger organization could scale this up to hundreds of thousands or millions - without spending 45 minutes per device. Authentication occurs in the Cloudflare network and lets teams focus on securely deploying devices, from IoT sensors to corporate laptops, that solve new problems.

- Protect my prototype budget-entry app with authentication.
- Avoid building a custom login flow into the app itself.
- Use mutual TLS (mTLS) authentication so that only requests from my iPhone are allowed.
- Build an Access policy to enforce mutual TLS authentication.
- Use Cloudflare's PKI toolkit to create a Root CA and then generate a client certificate.
- Use OpenSSL to convert that client certificate into a format for iPhone usage.
- Place that client certificate on my iPhone.

⏲️ Time to complete: ~45 minutes

Cloudflare Access

Cloudflare Access is a bouncer that checks ID at the door. Old models of security built on private networks operate like a guard at the front door of a large apartment building, except this apartment building does not have locks on any of the individual units. If you can walk through the front door, you could walk into any home. By default, private networks assume that a user on that network is trusted until proven malicious - you're free to roam the building until someone reports you.
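The certificate steps in the outline above (root CA, client certificate, conversion for the iPhone), as an added shell example that is not from the original post. It uses OpenSSL for the CA and signing steps in place of cfssl and assumes PKCS#12 as the phone import format; every file name, subject and password is constructed.

```shell
#!/bin/sh
# Added example: OpenSSL stand-in for the cfssl CA steps. Every name, subject
# and password below is constructed for illustration.
set -eu

# make_client_bundle DIR P12_PASSWORD: root CA, client cert, PKCS#12 bundle.
make_client_bundle() (
  dir=$1; umask 077; mkdir -p "$dir"; cd "$dir"
  cat > req.cnf <<'EOF'
[req]
distinguished_name = dn
prompt = no
x509_extensions = v3_ca
[dn]
CN = Example Budget Root CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
  # Root CA: only ca.pem (never ca-key.pem) is given to the mTLS verifier.
  openssl req -x509 -config req.cnf -newkey rsa:2048 -nodes -days 365 \
    -keyout ca-key.pem -out ca.pem 2>/dev/null
  # Client key and CSR for the one device that should get in.
  openssl req -new -config req.cnf -subj "/CN=example-iphone" \
    -newkey rsa:2048 -nodes -keyout client-key.pem -out client.csr 2>/dev/null
  # Leaf is limited to TLS client authentication and cannot sign other certs.
  printf '%s\n' 'basicConstraints=critical,CA:FALSE' \
    'keyUsage=critical,digitalSignature' 'extendedKeyUsage=clientAuth' > leaf.ext
  openssl x509 -req -in client.csr -CA ca.pem -CAkey ca-key.pem \
    -CAcreateserial -days 90 -extfile leaf.ext -out client.pem 2>/dev/null
  # PKCS#12 bundles key + cert for import on the phone; the password comes
  # from the environment so it does not show up in the process list.
  P12_PASS=$2 openssl pkcs12 -export -inkey client-key.pem -in client.pem \
    -certfile ca.pem -name example-iphone -passout env:P12_PASS -out client.p12
)

# client_trusted_by CA_CERT CLIENT_CERT: succeeds only if CA_CERT issued it.
client_trusted_by() {
  openssl verify -purpose sslclient -CAfile "$1" "$2" >/dev/null 2>&1
}

# bundle_subject P12_FILE P12_PASSWORD: subject of the leaf inside the bundle.
bundle_subject() {
  P12_PASS=$2 openssl pkcs12 -in "$1" -passin env:P12_PASS -nokeys -clcerts \
    2>/dev/null | openssl x509 -noout -subject
}
```

Run `make_client_bundle ./out 'your-password'`, then confirm with `client_trusted_by ./out/ca.pem ./out/client.pem` before moving `client.p12` to the device.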