Hi,
Wondering if people have any tips on securing Retool.
We're only allowing access from inside our network for now but I still want to make sure we're configuring the system to be as secure as reasonably possible (without compromising the functionality or diverting away from the standard settings too much).
We've setup SSL and SSO and this is working fine
I'd like to know if it's possible to remove the HTTP endpoint so it forces people to use HTTPS? If so, any tips on how would be great.
I've not yet looked at default permissions and security groups but I know I've some work to do there.
Anything else you kind folks can advise on as "best practice" in your experience.
Environment Deets:
- Retool hosted on Ubuntu (VMWare) running Docker
- Predominantly a Microsoft Windows/Azure hybrid environment
Thanks,
Dave