iolaus Posted December 21, 2012 Posted December 21, 2012 I would like to have my ISY be usable without logging in. I trust the devices within my network and from the outside world I utilize a reverse proxy (nginx) which handles basic authentication and SSL.
johnnyt Posted December 22, 2012 Posted December 22, 2012 Me too. Sent from my iPod touch using Tapatalk
arw01 Posted December 22, 2012 Posted December 22, 2012 I three this, but in my case, I would like to have a self signed certificate that I can install into my browsers on my devices. If this certificate is found, then no login is needed. If it is missing the ISY would do the normal prompt process.
Michel Kohanim Posted December 23, 2012 Posted December 23, 2012 Hi arw01, We would certainly entertain client authentication via certificates. But this will only be available on 994 PRO series. With kind regards, Michel
arw01 Posted December 23, 2012 Posted December 23, 2012 Hi arw01, We would certainly entertain client authentication via certificates. But this will only be available on 994 PRO series. I did not happen to order the 994 Pro, but I think I saw an upgrade option that was software only? In my case, I use several Android devices, phones, tablets. I read something on the security that some certificates might not be available with phones. Alan
Michel Kohanim Posted December 23, 2012 Posted December 23, 2012 Hi Alan, Yes, you can upgrade to PRO online. I have not seen any mobile devices that easily support client authentication. With kind regards, Michel
SJK Posted August 15, 2014 Posted August 15, 2014 To awaken an old thread: I would like some form of client-based auth to the Ajax web interface by one of several possible mechanisms (In order of decreasing preference): 1) MAC address 2) specific IP address/subnet 3) Client certificate I would not want any of this for the admin interface. If you wanted to get fancy, you could limit access to the admin interface based upon the above, but I would still insist on a final username/password to access it. Obviously, my ISY is behind my firewall. If someone penetrated my LAN to get to my ISY, I would have much bigger problems. The ISY already responds to REST commands without any specific authentication already, no?
LeeG Posted August 15, 2014 Posted August 15, 2014 "The ISY already responds to REST commands without any specific authentication already, no? " No it does not. The userid and password are required.
johnnyt Posted August 16, 2014 Posted August 16, 2014 Any chance we'll see this in 5.0? I too only access ISY from LAN. If I want to access it away from home, I VPN into my LAN first and have bigger things to worry about than ISY if someone has hacked into it. Weird light or HVAC activity might actually help me detect a network intruder... I would add that regardless of any other option provided, I'd like to see it allow no credential access from an IP address range so I can continue to avoid the whole certificate thing, which is a hassle and too resource intensive for the current hw. Perhaps restrict it to the same non-routable LAN subnet ISY is on if that helps protect people from themselves and UD from undeserved bad press. I don't know if restricting it to a MAC address would work when I VPN in because I don't know what MAC is given to my session.
Michel Kohanim Posted August 17, 2014 Posted August 17, 2014 Hi johnnyt, We are definitely looking into more granular security and authorization. With all the hackers out there who love to hack into home automation systems, I am a little worried having no security especially if it's only based on source IP address since it can easily be spoofed and changed. With kind regards,Michel
Recommended Posts
Archived
This topic is now archived and is closed to further replies.