Why does Realm Studio let me log into a Realm Object Server without credentials?

ros

#1

Using Realm Studio to connect to a Realm Object Server, why is it possible to leave the username and password fields blank, yet be authenticated as an admin? I’ve done this with a few different ROS instances. How do I disable this security hole when I go to production?


#2

Anyone else experiencing this behavior? It seems like a huge security hole.


#3

@chad.gilbert You can customize the index.ts to specify an auth provider or remove non-secure ones
https://docs.realm.io/platform/customize/authentication/usernamepassword


#4

Thanks Ian, that’s what I was looking for.