I have node-red 4.0.9 running as a service using nssm, I set up the password using node-red-admin hash-pw. After a few days it seems that the password was changed automatically and I had to reset the password in settings.js again
Is this an issue or some setting that can be changed?
No, there is no way the password will change on it's own. The only way the password will change is if the settings.js file is edited.
If your Node-RED instance is exposed to the internet please make sure the username and password you pick are not trivially guessed (e.g. probably don't use "admin" as a username).
I would also double check all the tabs in your flows, especially scroll down and to the right to check nothing has been added.
As Ben implies, if you have connected this instance of Node-RED (or the device that runs it) to the Internet, please disconnect immediately.
There is lots of information in this forum on connecting Node-RED to the Internet relatively safely. If your device or Node-RED instance has been compromised, you may need to reset everything and change passwords before continuing.
Copyright OpenJS Foundation and Node-RED contributors. All rights reserved. The OpenJS Foundation has registered trademarks and uses trademarks. For a list of trademarks of the OpenJS Foundation, please see our Trademark Policy and Trademark List. Trademarks and logos not indicated on the list of OpenJS Foundation trademarks are trademarks™ or registered® trademarks of their respective holders. Use of them does not imply any affiliation with or endorsement by them.
The OpenJS Foundation | Terms of Use | Privacy Policy | OpenJS Foundation Bylaws | Trademark Policy | Trademark List | Cookie Policy