
Password free REST API access for my remote.htm?


bTwix


Posted
Hi giesen,

 

Yes we can but even that requires development.

 

I am concerned that SSL is taking too long. It should NOT if the client (i.e. eKeypad) uses session resume. It should only take 10 seconds on the initial connection. The rest should be just a little longer than http (still less than a second).

 

With kind regards,

Michel

 

Michel,

 

It does seem to reuse the session if I keep the application in the foreground. Once it launches (and waits about 10-15 seconds to connect to the ISY), it takes about a second to turn on a device. The problem is, as soon as you switch to another app or the phone goes to sleep, it takes another 10-15 seconds to connect again. Not sure if this is a poor implementation on the part of eKeypad or if it's a limitation of the iOS multitasking API (I suspect the latter), but with HTTP it's nearly instantaneous to load and then control. Hence my suggestion of implementing HTTP Digest authentication. It wouldn't require a rewrite of your access control model, just the implementation of the digest mechanism. Still not a trivial task I'm sure, but hopefully a lot easier than some of the other (worthy) suggestions.

 

Another alternative would be to implement support for multiple users, so I could assign a different user for each device using the REST API, and at least if one is compromised I just reset the password for that one device. Kind of a backdoor way of implementing API keys.
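
An added illustration of the HTTP Digest mechanism suggested above (RFC 2617, qop=auth), with a server-side check that rejects replayed nonce counts. It is not part of the original post and is not ISY or eKeypad code; the function names `digest_response` and `verify` are hypothetical, and the sample values are the worked example from RFC 2617.

```python
import hashlib
import hmac

# Constructed sample: the worked example values from RFC 2617, section 3.5.
RFC_SAMPLE = {
    "username": "Mufasa", "realm": "testrealm@host.com",
    "nonce": "dcd98b7102dd2f0e8b11d0f600bfb0c093", "uri": "/dir/index.html",
    "qop": "auth", "nc": "00000001", "cnonce": "0a4f113b",
    "response": "6629fae49393a05397450978507c4ef1",
}

def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def digest_response(username, realm, password, method, uri, nonce, nc, cnonce, qop="auth"):
    """RFC 2617 response for qop=auth; the password itself never goes on the wire."""
    ha1 = md5_hex(f"{username}:{realm}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")

def verify(auth, method, passwords, issued_nonces):
    """Server side. issued_nonces maps each nonce the server handed out to the
    highest nonce count (nc) already accepted for it. A real server would also
    compare auth["uri"] with the path actually requested."""
    password = passwords.get(auth["username"])
    last_nc = issued_nonces.get(auth["nonce"])
    if password is None or last_nc is None:
        return False                      # unknown user, or nonce we never issued
    nc = int(auth["nc"], 16)
    if nc <= last_nc:
        return False                      # replayed or reordered request
    expected = digest_response(auth["username"], auth["realm"], password, method,
                               auth["uri"], auth["nonce"], auth["nc"],
                               auth["cnonce"], auth["qop"])
    if not hmac.compare_digest(expected, auth["response"]):
        return False                      # wrong password or tampered field
    issued_nonces[auth["nonce"]] = nc
    return True

if __name__ == "__main__":
    users = {"Mufasa": "Circle Of Life"}
    nonces = {RFC_SAMPLE["nonce"]: 0}
    print(verify(RFC_SAMPLE, "GET", users, nonces))   # first use of nc=00000001
    print(verify(RFC_SAMPLE, "GET", users, nonces))   # same request replayed
```

Digest keeps the password off the wire, but the requests and responses themselves still travel unencrypted over HTTP.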

Posted

Hi Alan,

 

Session resumption is a feature of TLS that basically reuses the negotiated keys across multiple connections so that you would not have to incur the cost of negotiating keys (10 seconds) on every connection.

 

Hi giesen,

 

Understood and you are correct on both counts. We do have a multi-user requirement on our plate AND we do have plans for a security enhancement release. So, at least there's hope!

 

With kind regards,

Michel

  • 4 months later...
Posted

Hi Michel,

 

>> Adding a simple boolean at /USER/WEB is easy.

Is this in the current firmware? I'm still looking to host my remote.htm on ISY with anon access for all /USER/WEB, so I can ditch my Windows server.

 

Hope you're having a good holiday!

 

Cheers,

Phil

Posted
Hi Michel,

 

>> Adding a simple boolean at /USER/WEB is easy.

Is this in the current firmware? I'm still looking to host my remote.htm on ISY with anon access for all /USER/WEB, so I can ditch my Windows server.

 

Hope you're having a good holiday!

 

Cheers,

Phil

 

You might want to consider a Raspberry Pi and throwing a reverse proxy on that, very low power and I find them great companions to my ISY (I use them to filter and send alerts, manage my Sonos, Hue, etc. tied to my ISYs)

 

Bill

Posted

>> raspberry pi

Thanks, Bill. Will look into that.

 

>> We do have plans to include such features in our 5.0 framework next year.

Awesome, looking forward to that drop.

Posted

Bill,

 

The Raspberry Pi front-end is working great for hosting my remote/proxy on top of ISY. Loaded Apache and did a simple Python proxy to inject the creds. Thanks again for the suggestion. I'm going to get this kit for my brother's kids to play with as well. Very cool stuff!

 

Cheers
