Jump to content

REQUEST: Disable Security


iolaus

Recommended Posts

Hi arw01,

 

We would certainly entertain client authentication via certificates. But this will only be available on 994 PRO series.

 

 

I did not happen to order the 994 Pro, but I think I saw an upgrade option that was software only?

 

In my case, I use several Android devices, phones, tablets. I read something on the security that some certificates might not be available with phones.

 

Alan

Link to comment
  • 1 year later...

To awaken an old thread:

 

I would like some form of client-based auth to the Ajax web interface by one of several possible mechanisms (In order of decreasing preference):

 

1) MAC address

2) specific IP address/subnet

3) Client certificate

 

I would not want any of this for the admin interface. If you wanted to get fancy, you could limit access to the admin interface based upon the above, but I would still insist on a final username/password to access it.

 

Obviously, my ISY is behind my firewall. If someone penetrated my LAN to get to my ISY, I would have much bigger problems.  The ISY already responds to REST commands without any specific authentication already, no? 

Link to comment

Any chance we'll see this in 5.0? I too only access ISY from LAN. If I want to access it away from home, I VPN into my LAN first and have bigger things to worry about than ISY if someone has hacked into it. Weird light or HVAC activity might actually help me detect a network intruder...

 

I would add that regardless of any other option provided, I'd like to see it allow no credential access from an IP address range so I can continue to avoid the whole certificate thing, which is a hassle and too resource intensive for the current hw. Perhaps restrict it to the same non-routable LAN subnet ISY is on if that helps protect people from themselves and UD from undeserved bad press. I don't know if restricting it to a MAC address would work when I VPN in because I don't know what MAC is given to my session.

Link to comment

Hi johnnyt,

 

We are definitely looking into more granular security and authorization. With all the hackers out there who love to hack into home automation systems, I am a little worried having no security especially if it's only based on source IP address since it can easily be spoofed and changed.

 

With kind regards,
Michel

Link to comment

Archived

This topic is now archived and is closed to further replies.


×
×
  • Create New...