Prevent anonymous editor access on IBM Cloud Code Engine

bthj · 20 June 2022 10:53

Hi,

I have Node-RED running on Code Engine in the IBM Cloud, based on the Node-RED Starter Kit. Even though I configured user user credentials during the setup, anyone can visit the editor and view the logs, which I would like to prevent. There is documentation on the NODE_RED_GUEST_USER environment variable, but I haven't been able to set it effectively to false, to prevent anonymous read access. For example, on the Code Engine Application Environment variables tab I've set NODE_RED_GUEST_USER as literal false, with no effect.

Any idea on what can be done in this hosting environment to prevent anonymous read access to the editor UI?

bthj · 20 June 2022 12:02

In my copy of the Node-RED IBM Cloud Starter Application, I modified the startNodeRED function in index.js to never consider config.adminAuth.allowAnonymous or process.env.NODE_RED_GUEST_ACCESS (just by setting if(false) ...) - which does the trick, but is kinda hackish, so I'm still interested in learning how to apply this configuration via the NODE_RED_GUEST_USER environment variable

system · 19 August 2022 12:03

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Use of environment variables to set editor user name and password General	10	660	30 January 2022
Securing Dashboard on IBM Cloud Dashboard	6	862	27 September 2020
Nodered on bluemix General	3	464	7 March 2019
credentialSecret when deploying on IBM Cloud Code Engine General	4	242	18 May 2022
HTTP Node security on IBM Cloud Node Red Dashboard	9	5164	19 October 2020

Prevent anonymous editor access on IBM Cloud Code Engine

Related Topics