More security: Other passwords for JSON and Domoticz website

[RMU]

Hello all,

I dont know if this is discussed before (cant find any with search) but i wonder the following:
If you want to switch things through a JSON request (like: http://<username:password@>domoticz-ip<:port>/json.htm?api-call) it works fine, and i understand that you need to use a password.
But would it be possible to use Form authentication as default for the website, and set a seperate password for JSON requests?

Because now i need to set authentication for all things (JSON and Website) to Basic auth. and use the username/password for both JSON request and login on the website. In my opinion that is not very safe.

And if the above can be created would it also be possible to use something like Google authenticator as Two factor authentication method to login at the website? So that it is safer to use from the Internet.

[gizmocuz]

if you call the json requests locally, why dont you add 127.0.0.1 to the local networks, or any other ip address that calls it ?

we are currently busy with other implementations, but 2way is on the todo list, bu when using https for now its pretty save
else change the password every now and then, same as you do on your system (linux/windows)

[RMU]

if you call the json requests locally, why dont you add 127.0.0.1 to the local networks, or any other ip address that calls it ?

The problem is that i dont only run it locally, i also plan to run them from my phone (NFC tags) with mobile network.

we are currently busy with other implementations, but 2way is on the todo list, bu when using https for now its pretty save

Ok thats nice. Waiting for that!

Speaking of HTTPS, when you run Domoticz and use the https port it gives back a *.domoticz.com certificate. will it also be possible to load your own certificate into Domoticz?