Securing amazonechoaccount page on openhab

Hi guys,

On installing and logging into the amazonechoaccount binding, I get the information about my amazon account on: http://myip:8080/amazonechocontrol/.

My concern is that, even when logged off the openhab account, I am still able to see that page and the information there. Should I be logging off amazon after setting it up or does the information remain easily accessible by anyone in the house? Or am I missing anything?

Thanks for the assist!

What exactly are you concerned about? That address is on your local network (unless by myip you mean your externally exposed to the Internet IP in which case you’ve got bigger problems to solve first). Only someone who is on your LAN can access that URL. If you are worried about the users already on your LAN, you’ve got bigger problems than this too.

Furthermore, that URL is how Amazon is able to talk to openHAB. If you log out or otherwise put that behind some sort of username and password you will probably break the integration.

Finally, the openHAB 3 authentication is new and I’m not surprised it this add-on does not yet take advantage of it. You could file an issue on the binding and see if that authentication can be added to the binding in such a way that it doesn’t break the integration itself.

Hi rlkoshak,

Thanks for the feedback. I did mean local network. I currently share the wifi with other people and therefore was wondering about securing it.

Sure will log an issue for the same.


If you need to secure your openHAB on your LAN, you need to put it behind a reverse proxy and configure the machine’s firewall so the only way to reach openHAB is through that reverse proxy. Though when you do that it will likely break your Alexa Control binding as Alexa needs to be able to access your OH server and I’m pretty sure it doesn’t handle authentication/authorization.