What about security

[Seth57 0]

Hello

 

I can see my mobile sending authentication in clear text to homecenter over the internet

could you please add SSL support ?

 

Mobile device is also accessing Fibaro servers frequently

Why ?

 

The homecenter is a personnal device and should not send informations to you without any notification and explanation

 

Personnaly, traffic to fibaro servers is blocked by firewall policies but i'm not able to control mobile trafic 

So please explain us what is this trafic for ?

 

Thanks in advance

 

 

[T.Konopka 8]

Hello

 

I can see my mobile sending authentication in clear text to homecenter over the internet

could you please add SSL support ?

 

Mobile device is also accessing Fibaro servers frequently

Why ?

 

The homecenter is a personnal device and should not send informations to you without any notification and explanation

 

Personnaly, traffic to fibaro servers is blocked by firewall policies but i'm not able to control mobile trafic 

So please explain us what is this trafic for ?

 

Thanks in advance

 

Hello,

 

What connection do you have in mind? Local or remote?

[fi-bar-oh 47]

I'm sure mobile has been mentioned

Please login or register to see this image.

/emoticons/default_icon_wink.gif" alt=";-)" /> one would assume remote connection

Edited September 23, 2016 by Supernode

[redsave 6]

Regarding HTTPS, I got this response from Fibaro Support:

 

Quote

 

Hello, At this moment we do not have in the plans to implement https protocol in local access. The customer decides / insures the security of the home network – access to the eg router settings also is without https The introduction of https for local access could increase the response time of the controller (due to additional security) On our side, we strive to provide the highest level of security for remote access (including https) But I will pass your suggestion to the department responsible for develop. Have a nice day!

--  Pozdrawiam,  Regards,  Rafał Ciesielski  Technical Support Engineer

 

 

It's true what they say about the home router (generally) but you're not supposed to access the web page of the router at the same regularity of your domotic system!

They're also offering your system to hotels so I do not see how they can say http is secure to use. You say that if I can spoof the other guests credential over wifi the system is secure?

It's also true that the introduction of https for local access could increase the response time of the controller but I have not asked them to disable http, so that's a choice of the user.

So I do not see any obstacle to the introduction of this functionality but only benefits.

 

At the same time, they are incentivating the use of dynamic DNS (fixing bugs preventing it... 

Please login or register to see this link.

) which of course it's terrible since using that is sending clear-text passwords over the network (even remotely!).

The DDNS functionality would be extremely positive if the app could use the HTTPS connection (which it's inexistant on the HC2, but we can at least install a proxy)

 

Do not suggest the use of a VPN, of course it is possible but very unhandy to use just for Fibaro.

 

I wonder when we will see the light of the HTTPS...

[ronnyvdb 0]

People who are running pfsense as their firewall could make use of the HAproxy package to create a ssl reverse proxy to http.

This way you can secure your public connection to your homecenter with ssl or tls, allowing for the basic auth taking place to be encrypted.

Someone sniffing on the internet would not be able to read your basic auth, since it would be encrypted by ssl or tls.

[nanathlor 0]

Have to agree, I can't see any reason why SSL should not be enabled and saying that it will "slow the system down" is a pathetic non-answer.

I would also like the ability to enable SSL (or disable SSL) and to have the ability to add my own SSL certificate, every other device and web appliance I have can do this.