Announcement

**randy** · January 14, 2019, 02:55 PM

Here is what changed:

PHL2 no longer has its own web server. It now uses HomeSeer's web server. As a result you will forward an external port to your HomeSeer web server's port - default 80. You will use HomeSeer login credentials with normal privileges. There are no longer separate PHL2 credentials.

For this reason I believe MyHS to be a better solution for security reasons, unless you have enabled SSL on your HomeSeer server.

I am testing my VPN and it is working well. For that there is no need for credentials at all. After the test I may go back to MyHS as it was totally reliable and fast.

EDIT: Al tested and succeeded with Normal privileges. This would enhance security. I still believe it would be prudent to consider MyHS as opposed to an open port to the Internet.

EDIT2: It also works with Guest User Rights

**sparkman** · January 14, 2019, 02:59 PM

Originally posted by rprade View Post

You will use HomeSeer login credentials with admin privileges..

I created an account specific for Geofency with no admin privileges. Would that not be a better way to go? Why use an admin account for that?

**randy** · January 14, 2019, 03:44 PM

Originally posted by sparkman View Post

I created an account specific for Geofency with no admin privileges. Would that not be a better way to go? Why use an admin account for that?

Absolutely. I just wasn't sure how HS handles access. I was going to try to test later to see what level of access was required. Did you try Guest?

**sparkman** · January 14, 2019, 04:00 PM

Originally posted by rprade View Post

Absolutely. I just wasn't sure how HS handles access. I was going to try to test later to see what level of access was required. Did you try Guest?

I did not try Guest. I have it set as a "Normal" user and deselected Event Access, Counters Timers Access and Log Access. Let me know if it works for Guest.

**MNB** · January 14, 2019, 04:03 PM

Originally posted by sparkman View Post

I created an account specific for Geofency with no admin privileges. Would that not be a better way to go? Why use an admin account for that?

Al, are you saying that you created an additional User Name/Password for PHL2 in the "Setup>Network" tab under "Web/HS Touch User Settings" as "Guest"? I'm trying to keep up with the thread in my understanding. Mike

**MNB** · January 14, 2019, 04:06 PM

Originally posted by rprade View Post

For this reason I believe MyHS to be a better solution for security reasons, unless you have enabled SSL on your HomeSeer server.

Randy, why would one have enabled SSL (in the Labs tab) and what benefits would it present? Mike

**sparkman** · January 14, 2019, 04:10 PM

Originally posted by MNB View Post

Al, are you saying that you created an additional User Name/Password for PHL2 in the "Setup>Network" tab under "Web/HS Touch User Settings" as "Guest"? I'm trying to keep up with the thread in my understanding. Mike

Hi Mike, yes, except not as "Guest", but as "Normal" with Event Access, Counters Timers Access and Log Access deselected. Randy will try as "Guest". This is for GeoFency authentication.

Cheers
Al

**randy** · January 14, 2019, 04:12 PM

I just tested Guest privileges.and it also works. Al, you can just change the User Rights to Guest and test yours.

**MNB** · January 14, 2019, 04:14 PM

I too am using GeoFency are you saying there's any issue with authentication? I noticed that I'm able to create HS3 devices from GeoFency app when I either depress Entry/Exit Test and HS3 devices change every time either one is selected but I do not see my HS3 Log being update when those actions occur unless there is a error occurring. Mike

**The Profit** · January 14, 2019, 04:19 PM

Originally posted by rprade View Post

Here is what changed:

PHL2 no longer has its own web server. It now uses HomeSeer's web server. As a result you will forward an external port to your HomeSeer web server's port - default 80. You will use HomeSeer login credentials with normal privileges. There are no longer separate PHL2 credentials.

For this reason I believe MyHS to be a better solution for security reasons, unless you have enabled SSL on your HomeSeer server.

I am testing my VPN and it is working well. For that there is no need for credentials at all. After the test I may go back to MyHS as it was totally reliable and fast.

EDIT: Al tested and succeeded with Normal privileges. This would enhance security. I still believe it would be prudent to consider MyHS as opposed to an open port to the Internet.

Gotcha, so I’ve deleted the rule in my router for port forwarding and changed the web hooks in Geofency to the MyHS link...so far seems to have fast updates in HS. So the user that you are using for this should be a Geofency user with “Guest” access? Correct? I have to set that user up in the MyHS account management page too, correct?

Sent from my iPad using Tapatalk

**sparkman** · January 14, 2019, 04:22 PM

Originally posted by rprade View Post

I just tested Guest privileges.and it also works. Al, you can just change the User Rights to Guest and test yours.

Thanks Randy!

**randy** · January 14, 2019, 04:22 PM

Originally posted by MNB View Post

Randy, why would one have enabled SSL (in the Labs tab) and what benefits would it present? Mike

If you have a valid certificate installed and if you enable SSL communications are all encrypted. Without SSL all communications are unencrypted. It would be very easy for a nefarious entity to capture any data between any device and another over unencrypted communications.

For example, the username and password sent to your home from your phone, every time a GeoFency post is sent, can easily be intercepted and read. If you use RDP to access a computer over an unencrypted port forwarding scheme, the user name and password to that computer are exposed.

The argument is that it is very unlikely that a nefarious individual would bother with your home IP. Unlikely is really not good enough.

**sparkman** · January 14, 2019, 04:24 PM

Originally posted by MNB View Post

I too am using GeoFency are you saying there's any issue with authentication? I noticed that I'm able to create HS3 devices from GeoFency app when I either depress Entry/Exit Test and HS3 devices change every time either one is selected but I do not see my HS3 Log being update when those actions occur unless there is a error occurring. Mike

Not saying there's an issue. With PHL1, there was a specific user account within PHL1 that GeoeFency used to authenticate. I had created the same user account in HS since PHL2 uses the built-in HS web server so wanted to ensure it properly authenticated. What user account did you configure within GF to authenticate to the HS server?

**randy** · January 14, 2019, 04:25 PM

Originally posted by The Profit View Post

Gotcha, so I’ve deleted the rule in my router for port forwarding and changed the web hooks in Geofency to the MyHS link...so far seems to have fast updates in HS. So the user that you are using for this should be a Geofency user with “Guest” access? Correct? I have to set that user up in the MyHS account management page too, correct?

Sent from my iPad using Tapatalk

You are mixing two different method. If you use MyHS, you do not control the user, HomeSeer does through the MyHS communication protocol. Unless I missed something MyHS always gives admin access.

**MNB** · January 14, 2019, 04:26 PM

Thanxs Randy for the explanation! It sounds like your suggesting that we use the SSL methodology (once I'm up and running) Mike

Announcement

PHLocation V2 Discussion

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment