It would be nice to allow user to disable possibility of turning on “remote UI” from Nabu Casa webpage and leave just local service to enable access.
Currently any person with access to Nabu Casa
account page, can open yours installation to internet.
I know that potential attacker would need to know a few things like:
- that you are using Nabu Casa
- Credentials to Nabu Casa
- Credentials to Home Assistant
But if we add just simple configuration switch
forbid_remote_ui_from_cloud would be great.
This should be implemented on HA side, not cloud.