SSL or other encrypted connection to Server

Posted on
Fri Aug 17, 2018 4:34 am
Umtauscher offline
User avatar
Posts: 566
Joined: Oct 03, 2014
Location: Cologne, Germany

SSL or other encrypted connection to Server

Hi guys,

are there any plans to encrypt the connection to the server?

As todays IOT devices flood the home networks, I find it more and more disturbing to connect every client via an unencrypted tcpip connection with user credentials transmitted in the open.
Every device on the network is able to capture those credentials and transmit them somewhere.

I think at least a ssl connection would be standard nowadays.
So are there any plans to do it? Is there any workarround that I am not aware of?
Thanks

Wilhelm

Posted on
Fri Aug 17, 2018 4:52 am
Umtauscher offline
User avatar
Posts: 566
Joined: Oct 03, 2014
Location: Cologne, Germany

Re: SSL or other encrypted connection to Server

.... just found a post from Jay more than 4 years ago that https is on the request list.

How is this progressing? ;-)

Posted on
Fri Aug 17, 2018 8:08 am
RogueProeliator offline
User avatar
Posts: 2501
Joined: Nov 13, 2012
Location: Baton Rouge, LA

Re: SSL or other encrypted connection to Server

As todays IOT devices flood the home networks, I find it more and more disturbing to connect every client via an unencrypted tcpip connection with user credentials transmitted in the open. Every device on the network is able to capture those credentials and transmit them somewhere.

Your credentials are not being passed out in the open unless you have enabled a Basic authentication -- the Indigo server uses Digest authentication by default which isn't going to send your password in plain text across the network. So no other devices are going to be monitoring and capturing your password.

I think at least a ssl connection would be standard nowadays.

I do agree that adding SSL would be good, though this would only protect things calling back into Indigo, do you really have that many IoT devices making a connection TO Indigo? Maybe you do, not dismissing that, just mentioning because most plugins reach out from the Indigo server and having SSL there would not be beneficial in that instance.

So are there any plans to do it? Is there any workarround that I am not aware of?

There are workarounds, but they are not that easy and not a quick solution. Look, for instance, in the forum for "Reverse Proxy" and you should see some setups and examples. Obviously using the Reflector service provides an SSL connection from the outside as well.

Note that I am not disagreeing with you by any means, I agree that SSL would be nice to have - encrypting the traffic itself when possible (even if passwords are not in it) is definitely a good thing. Just providing a little more insight...

Adam

Posted on
Fri Aug 17, 2018 9:14 am
matt (support) offline
Site Admin
User avatar
Posts: 21411
Joined: Jan 27, 2003
Location: Texas

Re: SSL or other encrypted connection to Server

If the IoT devices are connecting to the Indigo Web Server and you haven't disabled HTTP Digest authentication, then the credentials are not transferred as clear text. HTTP Digest isn't the most secure protocol by any means, but it definitely isn't HTTP Basic Authen, which does just transfer credentials in the clear.

Indigo support HTTPS natively is definitely still on our request list, but as I'm sure you know by now we don't publish ETAs. :wink:

For a workaround you can setup Apache with an SSL cert (on the same Mac as your Indigo Server), then create a proxy to have that pass the requests on to the Indigo Web Server.

Image

Posted on
Fri Aug 17, 2018 9:16 am
matt (support) offline
Site Admin
User avatar
Posts: 21411
Joined: Jan 27, 2003
Location: Texas

Re: SSL or other encrypted connection to Server

Looks like Adam beat me to replying!

Image

Posted on
Fri Aug 17, 2018 9:51 am
Umtauscher offline
User avatar
Posts: 566
Joined: Oct 03, 2014
Location: Cologne, Germany

Re: SSL or other encrypted connection to Server

Thanks for your answers.
Unfortunately basic authentication is the only connection that works for me.
I am using a kiosk app to connect to the webinterface./controlpages.
If I don't enter the credentials in the url, this simply doesn't work, because every time the app refreshes the page the login dialog pops up again and again.
Using the Indigo client is not really user friendly because I cannot limit it to the control pages and I don't want users to mess arround with several devices or actions. nor can I define a "home" page on it.
So ssl was the only workarround that I could think of...

Page 1 of 1

Who is online

Users browsing this forum: No registered users and 3 guests