I don’t want to use a VPN, because I don’t need it. Also, I don’t want to use another app for an ssh client and port forwarding, because sometimes it disconnects. It would be nice if the HA mobile app had its own ssh client that reconnects automatically, so that the mobile app can connect through this ssh. Very often, ssh port 22 is already open on routers; https will not be necessary, because ssh is already secure. It can be a pluggable module in the official HA app. Also, maybe not ssh, but another protocol which is secure to open on the internet without an https certificate.
Basically, the Nabu Casa service offered by the HA team does that perfectly, and it is a nice way to support the project with a modest contribution.
Unfortunately, Nabu Casa does not support all voice assistants. Moreover, the solution proposed by me does not require servers. Moreover, with a powerful mobile device and application, some of the encryption calculations can be transferred to the mobile client. Also, if you always open remote access in Nabu Casa, there is a risk of new security threats. In this case, there will be no security threats at all, since the HA web is never accessible from the Internet, and ssh ensures security. You can choose different levels of security: ssh keys, password, password + keys. And also, for super security, Nabu Casa can also implement ssh, for mobile-only users. And, making plans for the future, HA can make official clients for MacBook, Linux and Windows.
I just thought it would be better to use SSL pinning over HTTPS.
Can Nabu Casa separately give access to the API, without the UI?
I would like to propose an enhancement to the security measures of our user interface to better protect our system against potential security hacks.
Upon further consideration, it appears that many security breaches occur due to the ability to execute code on the frontend. To mitigate this risk, I suggest a system that would transfer user clicks to the server for processing, while receiving video from the server instead of executing code on the frontend.
While I understand that this approach may not be practical for all types of applications, I believe that it would significantly reduce the risk of certain types of attacks, such as cross-site scripting (XSS) attacks.
However, it is important to note that Turing completeness is not inherently related to security, and that security is a multifaceted issue that requires a holistic approach. Therefore, in addition to limiting code execution on the frontend, other security measures such as input validation, access control, and encryption should also be considered.
I hope that this feature request can be considered as a potential solution to enhance the security measures of our user interface. Thank you for your consideration.