marcoschwartz / aREST_UI

Embedded UI for the aREST framework

security on UI page #27

Open bill-orange opened 6 years ago

bill-orange commented 6 years ago

I would like to use aRest_UI to open and close my garage door. Easily done. I made the on button momentary by adding:

if (digitalRead(relay) == HIGH){ digitalWrite(relay, LOW); }

to the loop function.

Just one problem. My UI page is exposed through DuckDNS and I don't want some hacker opening and closing my garage door. Is there a way to add security such as a /user?something/password?something after the port number?

marcoschwartz commented 6 years ago

Hi! For now that's not something possible with aREST, however that's planned :) What you could do is to use the cloud access and then no hacker would be able to access your devices as you would be accessing your devices via the online dashboard. However that would require your device to be connected to the Internet, so I don't know if that's something you consider doing.

bill-orange commented 6 years ago

I have many IoT devices exposed to the big cruel world using duck.DNS. Cloud access for this one device would confuse me!

I found a solution that is good enough for me but may not be good enough for others. I wrote an exposed function called 'int securityKey(String command)'. Using param = "something", you send it the security key. If the key you send matches the key written into the sketch then an integer named lockOut is set to False. The default on boot for lockOut is True. Entering a wrong key in param = "something" sets it back to True.

The Garage door opener function checks for the lockOut to be False before toggling the relay. It is a toggle because of this if statement in loop.

if (digitalRead(relay) == HIGH){ digitalWrite(relay, LOW); }

I may use millis() to reset lockOut to True 24 hours after it is set to False. That would add a bit more security.

Thanks for the input. My solution is a bit inelegant but I hardly think Russian hackers are going to be after my Harbor Freight circular saw.

Bill
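An added example, not part of the thread and not aREST's or the poster's own code: the key gate described in the comment above, written as portable C++ so the logic can be checked off-device. It assumes the time is passed in (millis() on the board), uses `const char *` where the sketch would use `String`, and the names `keysEqual`, `relockIfExpired`, `garageDoor` and the sample key are hypothetical.

```cpp
#include <cstdint>
#include <cstdio>
#include <cstring>

// Only lockOut and securityKey are names from the thread; the rest is assumed.
static const char SECRET_KEY[] = "constructed-sample-key";  // constructed value
static const uint32_t RELOCK_AFTER_MS = 24UL * 60UL * 60UL * 1000UL;  // 24 hours
static bool lockOut = true;      // locked on boot
static uint32_t unlockedAt = 0;  // time of the last successful unlock

// Walks the whole secret instead of returning at the first mismatch, so the
// response time does not show how many leading characters were right.
static bool keysEqual(const char *candidate, const char *secret) {
  size_t lc = strlen(candidate), ls = strlen(secret);
  unsigned char diff = (lc != ls) ? 1 : 0;
  for (size_t i = 0; i < ls; i++)
    diff |= (unsigned char)(candidate[lc ? i % lc : 0] ^ secret[i]);
  return diff == 0;
}

// Body for the exposed securityKey function: right key unlocks, wrong key locks.
int securityKey(const char *candidate, uint32_t nowMs) {
  if (keysEqual(candidate, SECRET_KEY)) {
    lockOut = false;
    unlockedAt = nowMs;
    return 1;
  }
  lockOut = true;
  return 0;
}

// Re-lock once the window has elapsed. Unsigned subtraction stays correct
// when the millisecond counter wraps around (about every 49.7 days).
void relockIfExpired(uint32_t nowMs) {
  if (!lockOut && (uint32_t)(nowMs - unlockedAt) >= RELOCK_AFTER_MS) lockOut = true;
}

// Door function: returns 1 if the relay may be pulsed, 0 if refused.
int garageDoor(uint32_t nowMs) {
  relockIfExpired(nowMs);
  if (lockOut) return 0;
  // On the device: digitalWrite(relay, HIGH); loop() then drives it LOW again.
  return 1;
}

int main() {
  printf("before key: %d\n", garageDoor(0));
  securityKey("constructed-sample-key", 1000);
  printf("after key: %d\n", garageDoor(2000));
}
```

The key is still sent as a request parameter, so anyone who can observe the traffic can read it unless the connection itself is protected.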

marcoschwartz commented 6 years ago

Happy to hear you found a solution, closing this for now :)