ActiON Dashboard 4.6.3 is here! (Now SmartTiles.click)

Just to clarify - (normal) proxy servers will not record the authentication token.

Normal proxies will only see the hostname and port number portion of a HTTPS query.

The path and query string parameters are not passed in the clear during session setup (where they would be available to the proxy to record), they are only passed as part of the HTTPS query after the secure SSL session is established. The contents of the secured SSL session are not available to (normal) proxy servers.

The exception to this are those proxy servers which some larger organisations use which require you to install a certificate on your client device (or a “profile” on iPhones/iPads). These proxies use a “man-in-the-middle” approach (attack) to monitor the content of SSL connections. I make a point of not using ANY personal services (especially online banking!) on such networks. I’m also quite picky about which certificates I will allow on my personal devices.

Now - there is another potential way the authentication token could leak, which is via HTTP(S) referer headers. For this reason it would be better if the dashboard resources (CSS, javascript, images, etc.) could all reside on SmartThings’ servers under SSL URLs. You should also use some caution when adding links to the dashboard for external pages - are you happy with that destination server potentially getting a copy of your access token in the HTTP referer header?

Overall though, @Mbhforum is correct about how you should treat the URL.

Ah, the never-ending joys of IT security…
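The Referer leak described in the post above, as an added example that is not part of the original thread: it computes which cross-origin resources or links on a token-bearing dashboard page would receive the access token under a given browser Referrer-Policy. This goes one step beyond the post, which does not mention Referrer-Policy. The host, path, `access_token` parameter name, token value and target URLs are all constructed assumptions.

```javascript
// Added example: which requests from a token-bearing dashboard URL would carry
// the token in the Referer header. All URLs and the token are constructed.
function refererFor(pageUrl, targetUrl, policy) {
  const page = new URL(pageUrl);
  const target = new URL(targetUrl, page); // resolves relative links
  page.hash = ''; page.username = ''; page.password = ''; // never sent in Referer
  const full = page.href;
  const originOnly = page.origin + '/';
  const sameOrigin = page.origin === target.origin;
  const downgrade = page.protocol === 'https:' && target.protocol !== 'https:';
  switch (policy) { // subset of the W3C Referrer Policy values
    case 'no-referrer': return null;
    case 'same-origin': return sameOrigin ? full : null;
    case 'origin': return originOnly;
    case 'strict-origin': return downgrade ? null : originOnly;
    case 'no-referrer-when-downgrade': return downgrade ? null : full;
    case 'strict-origin-when-cross-origin':
      return sameOrigin ? full : (downgrade ? null : originOnly);
    case 'unsafe-url': return full;
    default: throw new Error('unhandled policy: ' + policy);
  }
}

// List the cross-origin targets whose Referer header would contain the token.
function tokenLeaks(pageUrl, targets, policy, tokenParam = 'access_token') {
  const token = new URL(pageUrl).searchParams.get(tokenParam); // assumed parameter name
  if (!token) return [];
  const pageOrigin = new URL(pageUrl).origin;
  return targets.filter((t) => {
    const ref = refererFor(pageUrl, t, policy);
    return new URL(t, pageUrl).origin !== pageOrigin && ref !== null && ref.includes(token);
  });
}

// Constructed sample data (hypothetical host, token and resources).
const DASHBOARD = 'https://dashboard.example/api/smartapps/installations/1234/ui?access_token=CONSTRUCTED-TOKEN-0001';
const TARGETS = [
  '/static/app.js',                       // same origin: no third party involved
  'https://cdn.example.net/jquery.js',    // external script over HTTPS
  'https://weather.example.org/forecast', // external link added to the dashboard
  'http://camera.example.com/video',      // external plain-HTTP target (downgrade)
];

for (const policy of ['no-referrer-when-downgrade', 'strict-origin-when-cross-origin', 'unsafe-url']) {
  console.log(policy, '->', tokenLeaks(DASHBOARD, TARGETS, policy));
}
```

`no-referrer-when-downgrade` was the long-standing browser default, and under it both HTTPS third parties in the sample receive the full URL; `strict-origin-when-cross-origin`, the current default in major browsers, sends them only the origin.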

Thanks for the clarification on the SSL logging. Yes, SSL decryption is enabled for a lot of companies for Data Loss Prevention and Malware analysis purposes. Proxy servers can have those capabilities and more and more companies are doing so since more and more sites are now SSL enabled.

Honestly, no idea. There are just too many cameras, too many quirks.

Are they not hiding correctly because you were messing with the code? I have non standard modes that hide properly.

There is no way, at the moment, to change icons of modes other than Home, Away, Night. I will add this option for version 5 which is about a week away.

The endpoint URLs are meant to be unguessable. If you think the access token is compromised, you can reset it via SmartApp preferences. Also, if you remove access token from the URL, you can still authenticate with your ST username/password. This is listed in the documentation.

If someone gets the dashboard URL, they get access to exposed devices and exposed functions of these devices. On the other hand, if you lose your mobile device with an active ST session, they get access to everything.

Read the very first post in this thread.

This is described in the very first post under tips and tricks.

Dear ActiON Dashboard users,

This thread is becoming unmanageable as it approaches 800 posts. There is a ton of invaluable information here that is buried in the volume of posts. When we move to version 5 in a few days, it will be even more difficult to find information here.

Please direct your discussion to these respective threads if applicable. These two primary topics will remain relevant going forward:

I try to keep the documentation up to date. Most universally applicable information goes to the head post and here:
http://action-dashboard.github.io/

6 Likes

Thanks Alex for the info!

Any details on what version 5 will bring?

Thermostats, themes, groups. Maybe more…

3 Likes

Is anyone having issues with the MJPEG tiles not wanting to be reordered? I try to move the MJPEG tiles to another location in the device list but after saving them they still appear in the same location. The moving of other tile types happens correctly.

@mkaplan2534, it’s not intuitive for MJPEG tiles like other tiles. To adjust MJPEG tile order, go to the MJPEG settings in your mobile app where you entered in the URL for each camera. Change the order in those settings to match the order you want your camera tiles to display. Top camera URL displays first.

@mkaplan2534, you should be able to reorder cameras regardless of the defined order. If it’s not happening it’s a bug and I will look into it.

If you take a camera tile and move it to the very beginning or the end of the list, does it change position? Or is it only not changing the order between other cameras?

The camera tiles are staying together in the order created. I can move them to different positions but they won’t move unless I move them all in their order of creation. They like being together it seems.

Oh, I know why.

I will fix it, probably tomorrow.

Hesitated to call it a bug since I did modify your original MJPEG code a bit by adding a hyperlink, and changing video and H2 W2 dimensions. Below that I also have some JS to refresh only once after 5 seconds to deal with some occasional blank video on load issues I encountered.

Better first confirm @mkaplan2534 did not also modify your video/camera tile code.

Just tested to confirm. In Preferences > Device Order, moving the video tiles does not change video order. However, my video size settings equal tile size so the video covers the tile Title when it loads. For the split second that I can see the tiles before the video overlays, I see the tile Titles appearing in the correct sorted order, but the actual video stream loads over those in the order created in MJPEG settings.

If I drag the clock tile into the middle of the video tiles order, the clock tile loads in dashboard first, then all the video tiles. Then when I open the app Preferences > Device Order again, the Clock tile has moved itself above the video tiles in the sort order. It won’t stick when dropped in the middle of the video tiles.

Yeah, it's a bug. (20 damn characters)

Hey @625alex, I sent you a small donation a couple days ago. It’s not much, but I just wanted to show my appreciation for your work :smile:

I know you have higher priorities, but if you get a chance, could you add a tile for shades/blinds? Toggle switches don’t work well because shades can’t be polled properly. The tile would need 3 buttons (like Sonos): Up, Down, and Stop.

Here’s the device type I’m using: https://github.com/NOTashwin/SmartThings/blob/master/somfy_shades.groovy

The only way I modify the code is to learn from the experts on this board.

If it wasn’t for the community, I would have dropped ST the way I did X10 years ago.

Thanks for the information and advice.

I think your issue is cookies. I am also running into the same issue. I will let you know if I figure anything out.

I have created a custom device type for this Android IP Webcam app. Let me know if you want to try it. Definitely a WIP. Either way, the address you want is http://username:password@hostname or ip:port/video. I would recommend trying without a username and password as it's finicky with it.