Originally posted by Moskus
View Post
Announcement
Collapse
No announcement yet.
We need native HTTPS support!
Collapse
X
-
Originally posted by rjh View PostI don't know why there is a push back on MyHS, we have made it very reliable (I use it every day), and it uses SSL, and its free. Why should we provide yet another secure solution for accessing your home system? That is so complicated that only the really technical can use it?- MyHS is much faster now than it was before, but it is still noticably slower. We need a EU server.
- Can you tell me how I can add support for e.g. my own app, WinSeer? I'm sure it's possible but I can't figure out how.
- I want to stay logged in for as long as I want.
Other than that, I don't have anything against MyHS, but it is still yet another (relatively slow) cloud connection I am hoping to avoid.
Leave a comment:
- MyHS is much faster now than it was before, but it is still noticably slower. We need a EU server.
-
The local web interface is not going away, you will always be able to manage your system locally, without an Internet connection.
You really cannot use SSL securely without a domain. Sure you can create a self signed cert, but that is not really secure.
I don't know why there is a push back on MyHS, we have made it very reliable (I use it every day), and it uses SSL, and its free. Why should we provide yet another secure solution for accessing your home system? That is so complicated that only the really technical can use it?
There are bunch of free tunneling apps out there that you can run on your PC and it will allow you to securely tunnel into your home system. Also, as mentioned, you can use a VPN. So there are solutions available for the technically minded.
Originally posted by Bestgear View PostI think "impossible" is a very strong word and SSL/Certs are normally an easy setup for those that feel they need it.
I would also say that there is a very strong case not to depend on any cloud service, including MyHS within Homeseer or indeed any HA product. Cloud can add value, but we all know key functionality is easily tripped up due to availability or rather lack of it.
It would be a sad day when and if HS relies on MyHS and if the local web interface were to dissapear I am sure many users would too.
David
- Likes 1
Leave a comment:
-
Originally posted by rjh View Posthttps is impossible to set up on your own system as you need a certifcate to use properly. So we will probably be removing it in a future build. MyHS uses HTTPS and that is the recommended solution.
I think "impossible" is a very strong word and SSL/Certs are normally an easy setup for those that feel they need it.
I would also say that there is a very strong case not to depend on any cloud service, including MyHS within Homeseer or indeed any HA product. Cloud can add value, but we all know key functionality is easily tripped up due to availability or rather lack of it.
It would be a sad day when and if HS relies on MyHS and if the local web interface were to dissapear I am sure many users would too.
David
Leave a comment:
-
https is impossible to set up on your own system as you need a certifcate to use properly. So we will probably be removing it in a future build. MyHS uses HTTPS and that is the recommended solution.
Leave a comment:
-
We need native HTTPS support!
Originally posted by Moskus View PostThere's a problem with that argument.
HomeSeer is sold and markedet as a product not depending on cloud connections, and running locally.
Being able to securely access HomeSeer only through HSTs cloud service is somewhat strange then, isn't it?
As I stated in my previous post, I don't agree with HST's direction either and filed a bugzilla on it when Chrome was updated and no longer supported the old TLS. I don't agree with Google's/Chrome's stance either, but I suspect they are even less open to feedback than HST is.You still have an option of implementing your own VPN, which is what I did. Unless most HS users file a bugzilla asking HS to update SSL/TLS, I expect nothing will get done.
Cheers
AlLast edited by sparkman; March 1, 2017, 08:26 AM.
Leave a comment:
-
Originally posted by Moskus View PostThere's a problem with that argument.
HomeSeer is sold and marketed as a product not depending on cloud connections, and running locally.
Being able to securely access HomeSeer only through HSTs cloud service is somewhat strange then, isn't it?
Leave a comment:
-
Originally posted by sparkman View PostI believe HS has stated in other threads and on Bugzilla that they are not planning to support newer versions of SLL/TLS as the MyHS service is a replacement for it.
HomeSeer is sold and markedet as a product not depending on cloud connections, and running locally.
Being able to securely access HomeSeer only through HSTs cloud service is somewhat strange then, isn't it?
- Likes 1
Leave a comment:
-
I had not heard about any bugs either, but it does use an outdated version of SSL/TLS so is pretty much useless at this point. I believe HS has stated in other threads and on Bugzilla that they are not planning to support newer versions of SLL/TLS as the MyHS service is a replacement for it. I don't quite agree with that stance and they should remove the SSL functionality completely if that is indeed the case. I use a VPN as well for most of my remote access, but having options is always nice.
Cheers
Al
Leave a comment:
-
I do not know if there are bugs in the HTTPS web server or not - I do not use this...but I'd personally rather have the team focusing on product improvements as they have offered other solutions (the My Homeseer service). Personally, I just use OpenVPN and forget about it.
If I EVER really NEED to access my system through remote, I just wait for the OpenVPN link to establish.
If I can't wait that long, typically it is only 1 specific thing...and you could use Push Bullet or as I do, use AutoRemote. I use this for things like opening my garage, controlling certain lights in the house. Aside from that, I typically can just wait for the OpenVPN + HSTouch to open up.
--Dan
Leave a comment:
-
Originally posted by Moskus View PostSo there's a bug in HomeSeer that give unauthorized users access to their HS systems. And apparently this is really easy to access other systems.
Rich says he has this fixed in beta .311 which is available here, and I'm currently installing despite my skepticism for betas.
But while we're looking at security issues, can we talk about the horribly buggy HTTPS web server built into HS3?!
Why isn't this working properly?!
I can't for the life of me not understand why HTTPS isn't available and being promoted as a more secure connection.
After all, HomeSeer is controlling our lives. It would be great if it also attempted to be somewhat secure.
+1
---
John
Leave a comment:
-
We need native HTTPS support!
So there's a bug in HomeSeer that give unauthorized users access to their HS systems. And apparently this is really easy to access other systems.
Rich says he has this fixed in beta .311 which is available here, and I'm currently installing despite my skepticism for betas.
But while we're looking at security issues, can we talk about the horribly buggy HTTPS web server built into HS3?!
Why isn't this working properly?!
I can't for the life of me not understand why HTTPS isn't available and being promoted as a more secure connection.
After all, HomeSeer is controlling our lives. It would be great if it also attempted to be somewhat secure.Tags: None
- Likes 1
Leave a comment: