I make no apologies for another post on security. I am still hoping for some more responses to this HA Security. Consensus? and I really want to keep that discussion focussed in order to make it useful.
So, is it possible to definitively state what opening port 8123 and directing it to hassio actually exposes you to?
By which I mean, does this ‘only’ allow a successful hacker to play with your lights or whatever else is exposed in your front end or would they also possibly have access to the actual config files too?
I suspect the answer will be that there is no definitive answer but some knowledgeable input would be appreciated.
I recently closed my port and to be honest for me HA is a bit rubbish without external access. Presence and location detection is a big part of it for me and I see no way of doing that successfully without opening port(s).
I am sadly very close to calling it a day and just using my current Pi based hassio as a standalone controller for my garden irrigation system (which works really well). I really see no future for HA if the security issue cannot be sorted out except for those who understand the very technical solutions - and don’t get me wrong, for those people HA is brilliant, I just don’t think it will reach a wider ‘market’. Which is perfectly fine if that is its ambition but in my opinion would be a shame because it has so much else going for it.