πŸ›‘οΈSecurity

Eval is evil

Because WebDB is preliminary designed for developper, some code are evaluated (eg MongoDB queries).

There is no alternative possible to eval for powerful code execution so:

Exposing WebDB is highly discouraged because of an eval for query runner.

If for some reason, you really need to install WebDB on a public server, change the PROTECTED_MODE variable to mitigate attacks

SSH Tunnel

Prefer SSH Tunnel option if you need to connect to remote server. The feature is available when adding manually a connection. Basically WebDB will connect to through a SSH serveur with user/password or public key

If you use Docker you can also add a docker image near the database container to end the SSH tunnel : openssh-server

Last updated