That is a good point. And I think the main thrust of the discussion here is what is appropriate for new users and/or non-technical users. And for those users, their trust is better placed in using the connector then it is placing their trust in their own ability to configure, monitor, and mitigate risks on their own. Dropbox has a whole team of experienced experts to secure their system and they still failed. What hope does someone without such expertise have?
These are two different problems actually.
- Protecting OH from the openHAB Cloud.
- Protecting your other servers/services from openHAB Cloud.
Adding TSL and authentication to OH isn’t going to mitigate either of these risks. For 1, the openHAB Cloud Connector communicates directly with OH and with the openHAB Cloud server. Even back in OH 1.x that had authentication and authorization, you had to disable authentication on port 8080 so the Cloud Connector binding could talk to the server.
I don’t think that is still how that works. It might communicate directly with the event bus and internal APIs now. But in either case, adding the authentication there doesn’t protect OH from the openHAB Cloud because the Connector bypasses the authentication anyway.
All things considered, there are some serious security concerns even with the openHAB Cloud. For example, if you have the Exec binding installed, as many do, and you have given the openhab user blanket paswordless sudoer permissions, which so many people do, then someone who has access to your OH REST API can execute any arbitrary command on your OH server as root.
It also doesn’t help protect your other services and servers because all that means is there is some nominal authentication between the client and the OH server (i.e. your browser and the OH server) and the network traffic is encrypted. This mitigates your other services from monitoring your OH network traffic but doesn’t protect them from OH attacking them.
To protect your other internal services from OH, you need to enable TLS on those services and add authorization and authentication to those services.
There are all sorts of use cases for risk reduction. It is just that the vast majority of them do not involve OH directly. And even were OH to add authorization and authentication, these external methods of addressing the risk will be superior.
Not that security isn’t needed. It’s that the current solutions that involve external solutions like nginx will remain superior to anything that we will ever be able to implement in OH. So the incentive to implement something that is very difficult to implement is very low because no matter how hard we try we will never be as good as the solutions that already exist.
" I am pretty good at tennis , but I will never be as good as the wall." Mitch Hedberg