Make DRB UI read-only

[yaneony]

As for now, web UI gives you full control over all database/server/cluster. Exposing such UI over web is pretty dangerous. Sure, there is still possibility to put it behind apache/nginx with authentification, but still a dangerous thing.

It would be nice to have some king of possibility to turn UI in read-only mode, so it could be seen/checked for stats purpose only like current read/write, cache usage, etc.

[srh]

RethinkDB has read-only users. So that could be used to implement this.

[gabor-boros]

@yaneony I'm closing this issue for now. If you would like to reopen it, feel free to do.

[yaneony]

But there is no auth on gui, or?!

[gabor-boros]

So, maybe I misunderstood but isn’t the Nginx + read-only access a possible workaround? I mean I’m happy to reopen the issue but I thought the conclusion was that. Really sorry for the inconvenience. Should we reopen?

[srh]

I don't get why it was closed.

What I mean is, this is generally implementable, by having auth on GUI, or even no-auth but some read-only admin user on GUI, depending on how you want to set it up.

[sain801028]

@yaneony
Recommend this method
rethinkdb --initial-password auto
https://rethinkdb.com/docs/permissions-and-accounts/

[yaneony]

@yaneony
Recommend this method
rethinkdb --initial-password auto
https://rethinkdb.com/docs/permissions-and-accounts/

Please read initial post. Your recommendation is worthless, since, i'll quote:

The web administration UI always connects as if it were the admin user, and skips the authentication process (i.e., the password is not used for this connection). While the web UI cannot be password-protected, you can limit the addresses it will accept connections on using the --bind-http command line option. For more details on this, review Secure your cluster.

From here: https://rethinkdb.com/docs/permissions-and-accounts/#the-admin-user