Authentication and security issue #15
Labels
help wanted
Extra attention is needed
Comments
|
Need some help here, maybe somebody with better skills in flask can provide some advice. |
|
Hi! Thanks for you quick reply. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi there,
Can you please help me/us find a way to fix authentication for diyhue. Since we have to use port 80, diyhue is very exposed. Anyone who opens the hass url locally as well as publicly (all over the world!) has access to diyhue. The next security issue is that the long-lived hass token is plain displayed. So everyone can access hass if they want. User and password change are not a problem with the debugging workaround, but with the forced auto-login it makes no sense. Hopefully there is a solution because of all the options for emulated hue, diyhue is the only real working way to do it ATM!
The text was updated successfully, but these errors were encountered: