Hi,
I’m using the hassio’s www folder to store pictures from the security camera as one the plugins requires them to be stored in there. I’m running HomeAssistant behind DuckDNS service. I just realized that the pictures are accessible to anyone in the internet knowing the direct web address them without any kind of password.
Can I somehow password protect the content in the folder so that it not wide open?
Can this cause security issues that the folder is that accessible?
Just that you know, someone trying to acces it needs to know your duckdns address and the exact path and the exact filename, they can’t browse the directories.
I had a similar use case but didn’t get any joy, it was suggested to use uuid’s for the file name so it’s unlikely that nobody could guess them, I thought that seemed reasonable.
What about that some graphical plugins (e.g. mini-graph-card) indicate in the installation instructions to but the code (.js file) in www folder.
Any security issues with that?
Can the file be put to some other directory not under www and indicate the path in dashboard resources ?
No issue with that, they can see the exact same thing as if they would go to the github page of the plugin.
No, not possible as far as I know.