Hey Guys. We don't know what's there on their site. There might be just one app and one driver LOL.
Or two
Obviously kidding
Didnt see @Cobra's reply, but yup all good
Give us credit, please! Theres 3
Might I suggest users don’t register using passwords to other sites or anything they care about - not that I don’t trust @Cobra and @Royski but you don’t know how they are stored on the backend and if an attacker could potentially get to them. It would also be nice if the site supported TLS (https://letsencrypt.org/).
TBH, we hold very little data. Email, to get in touch obviously, passwords can be changed to more memorable via the Member Update link, and whether you would like to be on the mailing list, that is it. You dont have to register with your HE email, use any. We only ask you to include your HE username, and this is only to validate you are the real person.
We'll discuss TLS though, just to give a better feeling And thanks for the link, thats very useful!
Ok.
As @Royski has stated.
We currently hold only a few bits of personal data about members
- A valid email address
- Your hubitat community membership name
- A system generated password.
You obviously will have the ability to change your password for something easier to remember once the site is open.
I would always recommend you use unique passwords for any website that requires one.
FYI
The website is php based with an sql db back-end
The server it currently sits on also hosts my main business helpdesk and website and has been secured with that in mind. It is not a ‘hobby’ server installation.
On a related note.
We plan to offer the ability to send free emails directly from your hub via one of my servers.
As part of that service, you will have the ability to view a log of the emails sent.
This log will contain a randomly generated user number, the hub name, the subject and the message body.
This data will be accessible to both Roy and myself should we wish to trawl through the log files.
Obviously, this system should not be used for confidential emails
This is an example of the data collected in the log.
You will notice that the log file is named after the randomly (hub) generated number
(in this case 107814.log) and the only way you know that this is from my hub is that it is called 'Cobra Lab'
Obviously, use of this email facility is entirely optional
Having said all that, if anyone who has registered is concerned about the current or future security of their data then please contact me immediately, either via a PM or via the email address that sent you your confirmation email.
I will happily delete your membership and any information we hold about you and confirm this deletion via email.
Remember. This site is to be provided for free to all members.
It costs ME to host this.
It also involves a hell of a lot of my free time to write & maintain the apps/drivers code and Roys time to write & maintain the website
If you are unhappy about the way we are doing things then either don't register or (if you have already registered) let me know and I'll remove your data
Andy
Guys,
Having taken on board the above comments, we have updated our systems to use MD5 Hashed passwords, meaning Admin cannot see your passwords, hackers (should there ever be any) cannot obtain any passwords.
This does make the retrieval of forgotten passwords a little more convoluted, and we will amend our process for this accordingly.
We are fully transparent, on processes and data held, and are GDPR compliant in the little data held.
We can no longer can assist with password issues, this is down to each of you as members to govern, but you will have the ability to change or reset your password as you wish
Andy
I tried registering yesterday, but I goofed up and put my email address in the Hubitat User Name field - My user name is the same as my email, but minus the @gmail.com. I did not receive a confirmation email. How can I get this straightened out?
Your account was automatically deleted by the system because it couldn't find your username here
All you need to do is re register with the correct details.
Andy
Thanks Andy
any chance you can check to see if i was able to register as its saying Sorry this email address is already registered
but ive not had any emails about it ive also looked in the junk folder
Gavin, it went through fine.
Server load got a bit intense so it missed a couple of registration emails
Andy
My pleasure, man. Small price to pay for a huge boon to the HE community!
Looking forward to the site. I have been a fan of your apps and frankly use them every day. Do you have a place i can donate? I know that writing these apps, maintaining a website can take time. The least i can do is buy a few beers.
The link is at the bottom of each page on the site " Support App Development"
sent, thank you!
I have to say thank you to:
Steven Stroud, Angelo Attanasio & @cknickl for your donations.
I really appreciate them guys.
Unfortunately, most people don’t include their username when making a donation so it’s sometimes difficult to know who to thank
Andy