Hello, I am new to Traccar and have successfully installed an instance.
To give guests read access to a tracker, I have shared a device and restricted the rights for the temporary user. This works well and the guest only sees the device intended for them and cannot make any changes. Playing the history is deactivated and leads to an error message. This is all as expected. However, the details can be opened for the device. This leads to the URL, e.g. "./position/2285", where you can see all the information of the GPS tracker as a guest.
And with this knowledge, guests can now call up all of the tracker's data points and build up a complete history. Simply by adjusting the counter of the URL.
Is there a way to restrict access to the detail page of a device?
The aim is that a restricted user can only see the last position, but no history and no technical data points.
How to you build the history? You have to know IDs.
Simple count down the ID from the last position on the map to 0.
All information is displayed for all devices to which the guest has access.
This certainly takes time by hand, but for a simple script, this data is available very quickly!
The position history is switched off via the interface, but can be easily bypassed.
I guess in theory yes, but in most practical applications you have millions of positions per day.
Hello, I am new to Traccar and have successfully installed an instance.
To give guests read access to a tracker, I have shared a device and restricted the rights for the temporary user. This works well and the guest only sees the device intended for them and cannot make any changes. Playing the history is deactivated and leads to an error message. This is all as expected. However, the details can be opened for the device. This leads to the URL, e.g. "./position/2285", where you can see all the information of the GPS tracker as a guest.
And with this knowledge, guests can now call up all of the tracker's data points and build up a complete history. Simply by adjusting the counter of the URL.
Is there a way to restrict access to the detail page of a device?
The aim is that a restricted user can only see the last position, but no history and no technical data points.