To tag onto what another user mentioned about Access Control, I thought I’d make a separate topic to really drive this one home…
WTH - Why is there no way for me to tell as the admin of my HA instance who is signed in, on what device, and from what IP address? This is basic security requirements and as of today, there is no way for me to easily (or at all?) find this information other than if someone fails at a login attempt.
I also cannot easily boot everyone out if needed, or selectively boot people out based on an “Access Control List”.
Use case for this:
- You accidentally expose port 8123 to the public (seen this WAY too much), and now anyone can try to brute force your HA login. Once logged in, there is no way for the admin to tell if someone is connected that should not be, they can just linger there until you eventually change your password, and you would be none-the-wiser.
The HA team has done a great job at putting security as a high priority, but this kind of control and security needs to be there.