Securing Node-RED

Out of the box, Node-RED has no security—anyone who can reach TCP port 1880 on your machine can deploy and run arbitrary code! This is a significant security risk, which you should mitigate in one of two ways.

One solution is to use a firewall to block incoming traffic to this port from anywhere other than the loopback interface (localhost). Windows, Mac OS X, and Ubuntu all come with built-in firewalls, but they may not be enabled by default.

Another choice is to configure Node-RED itself to respond to requests only from localhost. To do this, open the settings.js file that Node-RED created in your config directory. Look for the uiHost setting in a section that reads like this:

// By default, the Node-RED ...
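
Whichever approach you choose, confirm afterward that port 1880 is no longer bound beyond loopback. The following script is an added example, not code from the book or from Node-RED: it parses the output of `ss -ltn` and reports listeners on port 1880 that are not loopback-only. It assumes the Linux `ss -ltn` column layout; the function names and both sample outputs are constructed for illustration.

```javascript
// Added example: flag Node-RED listeners (TCP 1880) bound beyond loopback.
// Assumes Linux `ss -ltn` column layout; both samples are constructed.
const NODE_RED_PORT = 1880;

// Split the "Local Address:Port" field, e.g. "[::]:1880" or "127.0.0.53%lo:53".
function splitLocal(local) {
  const idx = local.lastIndexOf(":");
  if (idx < 0) return null;
  const host = local.slice(0, idx).split("%")[0].replace(/^\[|\]$/g, "");
  const port = Number(local.slice(idx + 1));
  return Number.isInteger(port) ? { host, port } : null;
}

function isLoopback(host) {
  return host === "::1" || /^(::ffff:)?127(\.\d{1,3}){3}$/.test(host);
}

// Return every LISTEN socket on `port` that is not loopback-only.
function findExposed(ssOutput, port = NODE_RED_PORT) {
  const findings = [];
  for (const line of ssOutput.split("\n")) {
    const fields = line.trim().split(/\s+/);
    if (fields[0] !== "LISTEN" || fields.length < 4) continue;
    const local = splitLocal(fields[3]);
    if (!local || local.port !== port || isLoopback(local.host)) continue;
    const wildcard = ["0.0.0.0", "::", "*"].includes(local.host);
    findings.push({ bind: local.host, wildcard });
  }
  return findings;
}

// Constructed sample: listening on every interface.
const SAMPLE_OPEN = `State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      511          0.0.0.0:1880      0.0.0.0:*
LISTEN 0      4096   127.0.0.53%lo:53        0.0.0.0:*
LISTEN 0      511             [::]:1880         [::]:*`;

// Constructed sample: editor bound to localhost only.
const SAMPLE_LOCAL = `State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      511        127.0.0.1:1880      0.0.0.0:*
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*`;

console.log("open:", findExposed(SAMPLE_OPEN));
console.log("local:", findExposed(SAMPLE_LOCAL));
```

An empty result means no listener on port 1880 is bound outside loopback; a firewall-only fix will still show the wildcard bind here, so check the firewall rules separately in that case.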
