Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

let uiHost be set by security question in admin init. Beef up language around security question. #32

Open
wants to merge 4 commits into
base: master
Choose a base branch
from

Conversation

dceejay
Copy link
Member

@dceejay dceejay commented Jan 5, 2024

(force to 127.0.0.1 if no admin password)

  • Bugfix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)

Proposed changes

This change beefs up the language about choosing a password... ie by adding
" DO NOT select No if you will expose Node-RED to the internet - or you will be hacked!"

If the user then still selects no it then changes the uiHost setting to be 127.0.0.1 so that only the local browser can connect and edit by default.

This only happens when you run node-red admin init - so won't affect existing users.

In parallel - The Pi install script will change to always run admin init if there is no settings file (IE a clean install) - so it should now be almost mandatory for new (Pi/debian/ubuntu) users to set an admin password...

Checklist

  • I have read the contribution guidelines
  • For non-bugfix PRs, I have discussed this change on the forum/slack team.
  • I have run grunt to verify the unit tests pass
  • I have added suitable unit tests to cover the new/changed functionality

(force to 127.0.0.1 if no admin password)
@coveralls
Copy link

coveralls commented Jan 5, 2024

Coverage Status

coverage: 81.563%. remained the same
when pulling e3cdfbd on add-uiHost-to-variables
into cdbd002 on master.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants