Hi all, we've set up our self-hosted instance on EC2 with public access open over SSL. However, /auth/signup is still active - doesn't that mean anyone could spin up their own Retool on our instance?
Before I look at ways to solve this with a reverse proxy, is there a simpler way to resolve this? I feel that I'm missing something, as I can't find any discussions about it.
Even though anybody can visit the /auth/signup endpoint, it can't be used to create more than one organization. Users should see a 401 Unauthorized error if they try to do so. We'd rather not hide that page, either, because it is another way for invited/valid users to create a new account on the existing organization.
I hope that answers your question and alleviates any concerns! Feel free to follow up here if there's anything else I can do for you.