Security considerations
Some things about security you should be aware of:- It is a good idea to create a dedicated user account in Domoticz that you use for DA Bridge only. You should definately not use your admin user or any other user with administrator rights. You can create a user in Domoticz here: Settings -> More Options -> Edit Users
- On that page, you can also restrict access to devices and only allow access to the ones you will actually be controlling using Alexa. You can do so by clicking on the "Set Devices" button. Drag the devices you need to the right column and drag the rest to the left.
- Use https to let Domoticz Bridge connect to your Domoticz! Passwords are sent over the internet in clear text if you don't use https! This is a bad idea, so you should use https whenever possible, we might even remove unencrypted http support in the future. Seriously, don't use plain http.
- We know that most people using https will use a so-called self-signed certificate. Therefore we do not check the validity of your certificate when connecting to your Domoticz as it would break SSL for most users. This is a potential security risk, because it opens up the possibility to do a man-in-the-middle attack, but using SSL still protects you from people sniffing your traffic (and your password).
- Do not use Alexa to control security related devices around your home. Controlling door locks, garage doors, alarm systems, blinds/shutters etc is not safe. Someone standing outside shouting loud for Alexa to hear it may be able to get into your home. Obvously, this goes for all devices, not just the ones controlled by DA Bridge.