I’m a bit stuck on what I should do with the following warning regarding the Logitech Harmony remote;
XMPP is not enabled, using web sockets however this might not work with future Harmony firmware updates, please enable XMPP
If I go to harmony app to attempt to enable it reports;
WARNING! By enabling XMPP connection you are disabling a critical security feature required to safeguard you against vulnerabilities. This connection may create an unsecured local access point vulnerable to be hacked. We recommend all users disable this connection.
I’m not exactly sure what the potential security issue I’ll be opening than leaving HA currently to use WebSockets and if they later remove support to WebSockets switch over then?
Thanks for that - it would seem like Harmony aren’t going to provide any extra protections on that protocol - and as they haven’t mentioned that websockets are insecure then it seems like unless logitech drop or change the protocol it’s safer to stick with that for the time being.
I also struggle with this question. If i check the log for HA, i repeatedly get the message that XMPP is not enabled and that using web sockets could cause problems in further Harmony firmware update’s.
So that raises 2 questions, is it really necessary to activate XMPP within the Harmony app, or is this just a warning meaning ‘it can be but we’re not really sure…’
My second question, what would (did) you guys do, who had the same error? Did you activate XMPP and if so, is (are) there steps to consider or follow to ensure it isn’t a backdoor for hackers?
For the moment I will do nothing, because it isn’t clear for me that at a certain point my Harmony Hubs will no longer be accessible via HA and I only use the Harmony Integration for certain automation’s (for example: when the sun sets and someone is watching TV than activate the wall lights at 40% capacity etc…)
I don’t know for sure - I just read it as Harmony don’t have official support for the WebSockets method and only promised support of XMPP as is (with security issues), the warning I suspect is more that it can be withdrawn by Harmony at any time.
So as no mention of warnings about Security of WebSockets i’ll stick with that and decide what to do if Harmony remove that and force XMPP or see how the community responds and see how Harmony react to that…