It was working with custom, I will create issue today
How about security of this addon? I do like and use external access to hass, but if someone breaks in they can only switch my light off. Once I add risco, I might be vulnerable.
Donāt you think some read only mode would be best for that? Some of us might use risco only for presence detection, without messing with system itself.
you can use code arm required / code disarm required options ā¦
Yeah, good point. Thanks! I like idea a lot. But addon requires me to provide code at the beginning. Is it stored somewhere?
thats the code from your risco panel user
i have created an extra user on riscocloud, a basic user , with a role to arm/disarm
he is working on it, maybe a fix today/tomorrow, i will give an update , meanwhile we can load it as custom again then or wait for 115.x
edit : tested and working now
load as custom, just change the manifest file to 0.3.1
done
or wait for next 115.1 , its included
resolved in v0.115.1 now available
About code arm required / code disarm required: idea is great but for now there is no sense in this setting. Reason: if I have access to hass, I can reconfigure integration not to ask for code and then I can easily disable alarm. Reconfiguration is not asking for code.
I think there should be some kind of safeguard against such situations.
dont leave your HA open then, secure it with an rfid or nfc ?
I would love to have hass fully secure. But I think it is better to be secure on all levels in this business.
I might have best hass security but if it fails, then believe me I do not want to give risco so easily.
I use this risco component, especially for binary sensors to turn on spotify and lights in the morning
And also nfc tags in the car, so when I am arriving home, I swipe with Android over the tag to disarm the alarm ā¦ Just for fun
+1 for that, talk about it to onfreund?
Security is a BIG issue here.
Anyway , you guys willing to share your frontend what you do with the alarm panel?
I donāt see the security risco here, you need to secure your HAā¦ So people canāt use your instanceā¦ If they canāt access your instance they canāt control your integrations.
Anyway, I donāt use the frontend anyway, I only use the binary sensors, and I have exposed risco to Google assistant, so I can turn the alarm off with my smart watch with voice
Thatās not entirely accurate - you need to be an admin user in HA to be able to configure an integration, so this is only a concern if the attacker gets a hold of an admin user (at which point they can do other crazy things to your system). If the attacker only has access to a regular user, theyāll need the code.
You are right. Only admin can reconfigure.
But whole system is as secure as its weakest link. I do not think this is bad idea just to further limit how much we can do with risco.
Over last years I heard lots of stories where someone was able to get admin or root priv. to mess around with system. I know it can happen to risco cloud as well. Or to nabu casa.
But assuming hass was compromised: attacker can do lots of crazy things but not really harmful. They can mess around with my light, delete everything. So what!
I added my gas heater to hass lately. It is in RO so they canāt kill me with heat or cold
If risco can be disabled, if they see my location (made for presence detection), there is nothing to stop them from robbing my home.
So as long as I understand your point of view, I still believe there should be some better safeguard.
Well, then use 2fa ? Thatās secure, and complex passwords for your rootā¦ No one can get in, and for sure not burglars
I do.
Banks do use it. And still, the most critical part of their infra is separated. I consider alarm system to be that kind of stuff.
But eot from my part. Letās leave it. Maybe someone will back me up
Still anyone willing to show their frontend using this?