From 57beabf0b4a9ac8929d23e26cbc385e9e8397d0f Mon Sep 17 00:00:00 2001 From: Nick Farina Date: Wed, 17 Feb 2016 10:43:54 -0800 Subject: [PATCH] Add comment --- lib/cli.js | 2 +- lib/server.js | 5 +++++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/lib/cli.js b/lib/cli.js index 182fa1c..be4810a 100644 --- a/lib/cli.js +++ b/lib/cli.js @@ -17,7 +17,7 @@ module.exports = function() { .option('-P, --plugin-path [path]', 'look for plugins installed at [path] as well as the default locations ([path] can also point to a single plugin)', function(p) { Plugin.addPluginPath(p); }) .option('-U, --user-storage-path [path]', 'look for homebridge user files at [path] instead of the default location (~/.homebridge)', function(p) { User.setStoragePath(p); }) .option('-D, --debug', 'turn on debug level logging', function() { require('./logger').setDebugEnabled(true) }) - .option('-I, --insecure', 'allow insecure access to homebridge', function() { insecureAccess = true; }) + .option('-I, --insecure', 'allow unauthenticated requests (for easier hacking)', function() { insecureAccess = true }) .parse(process.argv); // Initialize HAP-NodeJS with a custom persist directory diff --git a/lib/server.js b/lib/server.js index bc2c691..d8523c0 100644 --- a/lib/server.js +++ b/lib/server.js @@ -25,6 +25,11 @@ function Server(insecureAccess) { this._config = this._loadConfig(); this._bridge = this._createBridge(); + // Server is "secure by default", meaning it creates a top-level Bridge accessory that + // will not allow unauthenticated requests. This matches the behavior of actual HomeKit + // accessories. However you can set this to true to allow all requests without authentication, + // which can be useful for easy hacking. Note that this will expose all functions of your + // bridged accessories, like changing charactersitics (i.e. flipping your lights on and off). this._allowInsecureAccess = insecureAccess || false; }