
REQUEST: Disable Security


iolaus


Posted

I would like to have my ISY be usable without logging in. I trust the devices within my network and from the outside world I utilize a reverse proxy (nginx) which handles basic authentication and SSL.

Posted

I three this, but in my case, I would like to have a self-signed certificate that I can install into my browsers on my devices. If this certificate is found, then no login is needed. If it is missing, the ISY would do the normal prompt process.
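
The behaviour requested in the two posts above (no prompt when a trusted client certificate is present, the normal login prompt otherwise) can be approximated at the nginx reverse proxy mentioned in the first post. This is an added example, not part of the original thread and not Universal Devices' configuration. The hostname, file paths, upstream address and credential string are placeholders, and it assumes the ISY accepts HTTP Basic credentials forwarded by the proxy.

```nginx
# Added example; every name, path and address below is a placeholder.
# Place inside the http {} context of nginx.conf.

# $ssl_client_verify is "SUCCESS" only when the client presented a certificate
# that chains to ssl_client_certificate. In that case basic auth is turned off;
# in every other case (no certificate, or a failed check) the prompt is shown.
map $ssl_client_verify $isy_realm {
    SUCCESS  off;
    default  "ISY";
}

server {
    listen 443 ssl;
    server_name isy.example.net;                       # placeholder

    ssl_certificate        /etc/nginx/tls/server.crt;  # placeholder paths
    ssl_certificate_key    /etc/nginx/tls/server.key;

    # Certificate authority that the installed client certificates chain to.
    ssl_client_certificate /etc/nginx/tls/client-ca.crt;
    # "optional": request a certificate but complete the handshake without one,
    # so devices that lack it fall through to the password prompt.
    ssl_verify_client      optional;

    location / {
        auth_basic           $isy_realm;               # "off" when the cert verified
        auth_basic_user_file /etc/nginx/isy.htpasswd;

        proxy_pass http://192.0.2.10;                  # placeholder ISY address
        # Assumption: the ISY still demands its own userid and password, so the
        # proxy supplies them once the client has passed one of the checks above.
        proxy_set_header Authorization "Basic REPLACE_WITH_BASE64_OF_USER_COLON_PASSWORD";
    }
}
```

Because the file then holds the ISY credentials, it should be readable only by the account that runs nginx.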

Posted
Hi arw01,

 

We would certainly entertain client authentication via certificates. But this will only be available on 994 PRO series.

 

 

I did not happen to order the 994 Pro, but I think I saw an upgrade option that was software only?

 

In my case, I use several Android devices, phones, tablets. I read something on the security that some certificates might not be available with phones.

 

Alan

  • 1 year later...
Posted

To awaken an old thread:

 

I would like some form of client-based auth to the Ajax web interface by one of several possible mechanisms (in order of decreasing preference):

 

1) MAC address

2) specific IP address/subnet

3) Client certificate

 

I would not want any of this for the admin interface. If you wanted to get fancy, you could limit access to the admin interface based upon the above, but I would still insist on a final username/password to access it.

 

Obviously, my ISY is behind my firewall. If someone penetrated my LAN to get to my ISY, I would have much bigger problems.  The ISY already responds to REST commands without any specific authentication already, no? 

Posted

"The ISY already responds to REST commands without any specific authentication already, no? "

 

No it does not.   The userid and password are required.

Posted

Any chance we'll see this in 5.0? I too only access ISY from LAN. If I want to access it away from home, I VPN into my LAN first and have bigger things to worry about than ISY if someone has hacked into it. Weird light or HVAC activity might actually help me detect a network intruder...

 

I would add that regardless of any other option provided, I'd like to see it allow no credential access from an IP address range so I can continue to avoid the whole certificate thing, which is a hassle and too resource intensive for the current hw. Perhaps restrict it to the same non-routable LAN subnet ISY is on if that helps protect people from themselves and UD from undeserved bad press. I don't know if restricting it to a MAC address would work when I VPN in because I don't know what MAC is given to my session.

Posted

Hi johnnyt,

 

We are definitely looking into more granular security and authorization. With all the hackers out there who love to hack into home automation systems, I am a little worried about having no security, especially if it's only based on source IP address, since it can easily be spoofed and changed.

 

With kind regards,
Michel

Archived

This topic is now archived and is closed to further replies.
