The computer I’m currently using is setup to clear out login information every time the browser is shut down. This is a security measure because this particular user account is the generic volunteer account, so we don’t want people to forget to logout of their email, for example.
As a result, any time we try to access Lovelace after shutting down the browser, we’re prompted to login.
Is there a way to authenticate this machine permanently in HA?
Ahh…yes. Derp. I’m using the custom header integration for Lovelace. Will the trusted networks feature affect its ability to restrict content based on the user?
You can trivially bypass CH by adding ?disable_ch to the URL.
If you’re giving people access only to a non-admin user there’s less of an issue, but anybody on that PC can connect to HA and interact with it as that user. They can do anything that user can do, and right now there’s very little limitation on what people can do.
Ahh yes, these are all very valid points. Thanks for the reminders.
At this point, HA only serves two purposes for us.
We use NodeRED to call a URL that triggers our lighting system to turn on or off the house lights and…
Sanctuary thermostats.
That’s all we have currently for integration into our systems here. So at this point, I’m not terribly concerned with whether or not someone can get to the system…
And the likelihood of that happening anyway is less than 1% since nobody here has a clue about HA or I.T. stuff. ;).
Good to know though. I wouldn’t want to integrate a security system with it in this environment.