Ok, so I am in the middle of automating everything in my house (this is a lot of fun, and way easier then it was before the IMP, thanks)…

Other then the fact that the HTTP inputs are non obvious (they have some UUID in them), how can I prevent someone from figuring out my URL and turning my pool heat up to 100F (ok, this is sort of a dumb example, since they can just walk up to my pool equipment and do that manually, but you get the point)?

Are there plans for how this could be secured?

I also want to automate my alarm system, but I am pretty confident, the first time one of my tech friends figure this out, they will do their best to figure out to set off my alarm on me (it will require the alarm code to disarm, but of course, that is going to be transmitted to the IMP in clear text (even if I swizzle it somehow, if someone could get access to my code, they could figure out my swizzle algorithm).

I am not looking for an immediate answer, I just want to know if it has been thought of, and if there are plans on addressing it, or if it is just beyond the scope of what the IMP is for…


I also am past the demo stage and want to set up some real outside controllable stuff but need something better than security through obscurity of the UUID.

With agents you can layer additional authentication onto requests - that should help both of you.

UDIDs are hard to guess though!