arc login security

[Sulejman Sarajlija]

People, is there a way to make impossible third party developers to register on your arc instance. I just went and registered with some random mail again. And guess what -  i can do all sorts of stuff with my web project and no authorization needed.

[Jordan Kasper]

Hmm... it sounds like you are actually deploying and running Arc on the machine where you host your application. That's probably not the best idea. Instead, you want to install just the process manager on the application deployment box, and then remotely deploy your application to it (either from the CLI or Arc locally).

This docs page outlines how to set up a production server pretty well: https://docs.strongloop.com/display/SLC/Setting+up+a+production+host

It talks about setting up HTTP auth with your process manager to secure deployments, but I would recommend http+ssh instead. You can read about that here: https://strongloop.com/strongblog/secure-node-js-process-manager-ssh/

In any case, you should not install and run Arc locally on your deployment machine.

--Jordan

[Sulejman Sararajlija]

Yeah, I have that practice to have two servers , one for development and other for production. I will do as you say. I see it’s just not designed for what I do.

Thank you Jordan.

--
You received this message because you are subscribed to a topic in the Google Groups "StrongLoop" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/strongloop/8NJaiO4CMnE/unsubscribe.
To unsubscribe from this group and all its topics, send an email to strongloop+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/strongloop/ad832439-652d-4e38-88cc-55312e6bf2fc%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Sulejman Sarajlija]

Hello Jordan, did you know about this: https://www.exploit-db.com/ghdb/4340/