Add user authentication to the Update Tool

Cool.

fwiw I see both perspectives as having validity. Considering we're still in the 1st year, I think it's completely fair to use the 80/20 rule, there's so much to do when starting from scratch. That said, hopefully some of the remaining 20% of concerns can gradually be looked at in time.

Just a side note, I updated to 2.0.1 this morning and still have 1.1.7.120 as a roll back option. I never installed 2.0.0.102. I went straight to 2.0.0.104.

You can roll back to 2 previous versions. So until your next upgrade, someone could indeed thwart your user login by rolling back.

Yes, until I upgrade to the next release, which I'm sure won't be long :slight_smile:

Haha, yeah, like today with a hot fix...

5 Likes

Reading through the forums I found out about this other page that allows you to reboot the Hub.

Please add that page to the feature request as well, I think moving the reboot function inside this page after securing it would be the best idea...

I do not want to go back to the discussion of if this is really insecure or not, no point to that as it all comes down to each one's opinion on security, just leaving the comment here in case this feature request is ever considered. I will just say that being able to halt your home's automation at will is not a good idea for example for people using HSM with windows and door sensors and notifications, etc.

1 Like

The reboot url is already behind the login / security

Please don't take my disagreement as a slight. I have a very different view on HA at this stage of the game. I respect your point of view because we know the HA world needs to start getting a lot more security conscious as this industry becomes more mainstream.

But it is my belief that if you are doing home automation at this moment in time, you are inherently exposing yourself to risk. This is why I have nothing that is life safety related dependent on my Hubitat. Currently it only supplements these tools or provides an added level of convenience.

As such, it is my vote that we do NOT add the ability to reboot the hub behind another firewall. The ability to remotely reboot my hub is one of the features I love about Hubitat.

Again the above is simply my opinion and may be overruled by the majority...but I really hope that is not the case.

Stephan

I just did this and my hub restarted:

Invoke-WebRequest -Uri "http://ipaddress:8080/hub/restart" -Method Post

Not at all, that is why I said it all comes down to each one's opinion on security...

1 Like

do you have a login turned on?

Yes I do.

I just did a test using POSTMAN, a raw POST will not be authenticated.

I don't use Windows, but I assume an Invoke-WebRequest opens or uses the default browser, which has an authenticated session.

Try logging out first and then do your test.

1 Like

:sleepy:...I just tried my Tasker reboot task and it failed.
Hopefully I can find a way to authenticate through Tasker.

Even better, I just remoted to a PC where I have never used Hubitat from. To be sure, I opened a browser and went to the hub and got the login page, closed it without logging in...

I executed the PowerShell line and my hub restarted.

So I did this instead:

$response = Invoke-WebRequest -Uri "http://ipaddress:8080/hub/restart" -Method Post
$response.RawContent

and I can confirm that indeed the page received is the login page, yet the hub does restart every time.
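An added illustration of the observation above, not part of the original thread and not Hubitat's code: a constructed local HTTP server showing one way a login page can come back while the action still runs, namely a handler that checks the session only after acting. The `Hub` class, the cookie value and the `check_first` switch are all hypothetical; the point is that a test must look at the side effect, not the response body.

```python
import http.server
import threading
import urllib.request

LOGIN_PAGE = b"<html>login page</html>"   # constructed stand-in for a login form

class Hub(http.server.BaseHTTPRequestHandler):
    restarts = 0          # counter standing in for a real restart
    check_first = False   # False: flawed ordering, True: corrected ordering

    def reply(self, body):
        self.send_response(200)
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):          # keep the demo quiet
        pass

    def do_POST(self):
        # Hypothetical session check: a fixed cookie value counts as logged in.
        authed = self.headers.get("Cookie") == "session=valid"
        if Hub.check_first and not authed:
            return self.reply(LOGIN_PAGE)  # corrected: refuse before acting
        Hub.restarts += 1                  # the privileged action
        if not authed:
            return self.reply(LOGIN_PAGE)  # flawed: refusal arrives too late
        self.reply(b"restarting")

def probe(check_first):
    """Send one unauthenticated POST; return (saw_login_page, restart_count)."""
    Hub.check_first, Hub.restarts = check_first, 0
    srv = http.server.HTTPServer(("127.0.0.1", 0), Hub)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    url = f"http://127.0.0.1:{srv.server_port}/hub/restart"
    req = urllib.request.Request(url, data=b"", method="POST")
    body = urllib.request.urlopen(req).read()
    srv.shutdown()
    srv.server_close()
    return b"login" in body, Hub.restarts

if __name__ == "__main__":
    print("flawed   :", probe(False))   # login page returned, action still ran
    print("corrected:", probe(True))    # login page returned, nothing ran
```

Both variants answer with the same login page, so only the restart counter tells them apart.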

Looking into it. Thanks for reporting it.

1 Like

Take your time...no rush here

Btw, my Tasker task did reboot the hub. I just ran the wrong one....so it's just another data point that the hub can be rebooted without authentication.

Again...no big deal...focus on other things...this can wait.
Right @gparra. :wink:

Lol, I guess this comes to show every single feature request has a potential negative impact on someone... it's just impossible to please everyone, it does make these guys' job a lot harder...

That said, I am the one who's right! :yum: :wink:

2 Likes

Now we need a "disable @gparra feature requests" switch! :wink:

2 Likes

Hotfix 2.0.1.114 is available with bug fixes for Alexa, Hue, code folding, 24 time display in apps, and reboot/shutdown endpoint security.

Looks like you won this one @gparra.:sob:

Security wins over convenience again...as it should...but it still hurts my heart.

Keeping my :eye: on you @gparra. Ready to auto-flag any "feature" requests. And now I got @SmartHomePrimer at my side in case I miss one. Make a request...I dare you.

2 Likes

That means the Tasker method you showed me doesn't work anymore?