I started building my own app to control my smart home and I am planning to use my own security panel to arm/disarm the alarm system. Searching for best practices I stumbeled across the fact that the "SecPassword" variable holding the encrypted Pin is visible to any (domoticz knowing) person in my network. Isn't that a quite huge security leak, because I would be able to arm / disarm any domoticz alarm system where I can get network access? Is there any need to provide the string in the API? imho it would be smarter to keep it a secret, because it can be used directly to trigger the alarm system - or to have some kind of asymetric encryption...
Would be nice to see how you handle that. Just ignore it - or provide guest wifi in different IP ranges to keep "strangers" from your keys
