Private Retool Application found on Google

Hello, I have two possibly unrelated questions:

  1. We were able to find our instance on Google by searching "[company name] reset password". We cannot have our application discoverable, whether the user has access privileges or not, on a search engine.
  2. We have been getting random users trying to access our Retool instance. I have a hunch that these may be nefarious actors but some of these users are from our company but somehow found a way to request an account with our instance. I believe that this is related to point 1 but I'm not sure if they're using Google or some other engine to find a reset password link.

We want to button this up so that no one outside of our technical functions has access to our instance. Can someone please advise?

2 Likes

We're facing a similar issue. Our ReTool app (our admin dashboard) is showing up in public search results, and our customers are trying to reset password for our retool app, rather than our customer app.

Are we able to have an option to block the whole subdomain from google search with a robots.txt or similar?