OpenGarage › Forums › Comments, Suggestions, Requests › Secure access to logs
Tagged: Security+
- This topic has 5 replies, 3 voices, and was last updated 6 years, 12 months ago by Ray.
-
AuthorPosts
-
December 3, 2017 at 4:47 pm #824
ChadParticipantI opened a port to access my Opengarage primarily for IFTTT integration. Unfortunately the software doesn’t require you to login before you can see all the settings and worse, look at the logs. I’m really concerned by this. Anyone who knows how to access this can easily look at the log and determine my patterns of coming and going and know if my car is parked in the garage. Can someone please update the software to require username and password before accessing any of the settings, controls, and logs, or at the very least, the Opengarage device key to see the logs.
Thanks,
ChadDecember 6, 2017 at 2:27 pm #825
lawrence_jeffParticipantWhen you say open a port – do you mean on your router via port forwarding?
It seems Blynk is the preferred way the developer use for remote access and it doesn’t require inbound access so not sure if this request would get much priority. I can look at adding it my firmware branch but not sure even with that how confident I would be putting this on the internet… there fundamentally isn’t any sort of protection for brute force attacks on the web API or Denial of service attacks…
Is there something IFTT does that you can’t get via Blynk?
December 6, 2017 at 9:39 pm #828
ChadParticipantYes, via port forwarding. I am using IFTTT plus apilio.io to do things like close my garage when my garage has been open for 20 and it’s after 10pm. If it’s before 10, send me an SMS if it’s open for more than 20 min. I can also use IFTTT with my Amazon Echo to “trigger close garage door” or “trigger open garage door” and it will close/open it checking the current state as opposed to just a reversal of the last state.
I’m not sure if Blynk can work with IFTTT. I was not only trying to avoid depending on another app and another service, but also it looked like IFTTT was to some degree integrated. It looks like only to send. To receive, the device had to be exposed publicly (hence the port forwarding).
December 7, 2017 at 1:26 pm #829
lawrence_jeffParticipantYes, IMHO the ifft integration is really only good for notifications which is an outbound request. It would involve another service but if you can use IFFT to trigger Blynk it would remove the inbound need; Blynk is fairly easy and you can query and open/close via a Blynk public URL that is then routed to the device (without port forwarding)
Also if you want to do a lot of workflow like this you might look at node-red, you can build flows that evaluate your time conditions, send the text and trigger the door – you can also tie in with Alexa .. you can run it all on your network on pretty much any device (I use a pi zero) I use it for similar things where I alert if the door is ever opened when neither mine or my wife’s phone is present on the home network. (The close after 10 is baked into my fork of the firmware)
Sounds like you have a good setup so probably aware of all this just thought I would mention alternative options
December 8, 2017 at 2:22 am #830
ChadParticipantThanks. I installed Blynk and following what was mentioned here:
I was able to very easily modify the WebRequests I had in IFTTT to perform the open/close of the door and close off the external access to the OpenGarage hardware. I think the instructions should never suggest port forwarding if the device doesn’t have the proper security in place to handle outside access.
January 1, 2018 at 11:21 pm #890
RayKeymaster@chalina: because we recommend using the Blynk app for remote access, we don’t actually recommend setting port forwarding for OpenGarage. You may have seen such instructions in our Tutorial on how to set OpenGarage to work with Amazon Echo or Google Home. Now that Blynk also supports HTTP API:
https://blynkapi.docs.apiary.io/
there is no need to use port forwarding anymore — you can use Blynk’s HTTP API for remote access even with Amazon Echo and Google Home, where the secret key is the Blynk token.Regarding Log and setting Options: without port forwarding, these are currently only supported when you are on your home WiFi. The reason is that options and log data are considerable amount of data and should not be sent to the cloud server. The good thing is that options generally don’t need to be changed frequently. Also, if you use IFTTT or MQTT notifications, the notification history is essentially the same as the Log data, so that’s an alternative way to keep log.
-
AuthorPosts
- You must be logged in to reply to this topic.
OpenGarage › Forums › Comments, Suggestions, Requests › Secure access to logs