Secure my Vera not working?

While experimenting with Vera I realized if I go to http://192.168.0.111 then my Vera is wide open with no security whatsoever. Eg anyone can unlock my locks, etc.

So I did some research and I found this link: http://docs2.mios.com/doc.php?platform=0&language=1&manual=1&page=security

It says “Simply login to your mios.com account, click the ‘Settings’ link next to the MiOS system, and check the box ‘Require local http authentication’.”

However this is not available and mios.com has moved to www.micasaverde.com

The only thing I see is the IP address and “Dashboard” and “Rename” links on my Vera3 with UI5.

Ok so I look at the dashboard and go to Settings/Unit Settings

I changed “Do you want to secure this Vera?” to YES and hit save. I refresh the page and it has saved it but if I got to http://192.168.0.111 with another computer/browser, I can STILL access all of Vera’s functionality.

How do I get the basic password protection to prevent anyone from using Vera?

As an aside, I use Vera as lock management device for my business. This means anyone that plugs into the ethernet port can open any Z wave lock.

Clearly this is an oversight in security. What am I missing? How do I at least give some password control to prevent any random person from opening my locks?

Past discussions:

http://forum.micasaverde.com/index.php/topic,9916.0.html

http://forum.micasaverde.com/index.php/topic,8130.0.html

http://forum.micasaverde.com/index.php/topic,6433.0.html

Summary: Password protection on the LAN is false security. If you really need security and not a deterrent then you must use a restricted subnet.

Since it’s easy to pick any conventional lock with the right tools, why would you bother with locks at all? :stuck_out_tongue:

Local auth can be implemented reasonably securely with lighttpd user with https with tofu.