Hello, I have two possibly unrelated questions:
- We were able to find our instance on Google by searching "[company name] reset password". We cannot have our application discoverable, whether the user has access privileges or not, on a search engine.
- We have been getting random users trying to access our Retool instance. I have a hunch that these may be nefarious actors but some of these users are from our company but somehow found a way to request an account with our instance. I believe that this is related to point 1 but I'm not sure if they're using Google or some other engine to find a reset password link.
We want to button this up so that no one outside of our technical functions has access to our instance. Can someone please advise?