From 0894f71056d50cd787a532312691b8e488c05faa Mon Sep 17 00:00:00 2001 From: Alicia Sykes Date: Fri, 16 Feb 2024 20:26:54 +0000 Subject: [PATCH] =?UTF-8?q?=F0=9F=93=9D=20Updates=20auth=20note?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- docs/authentication.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/docs/authentication.md b/docs/authentication.md index 5a42a87a..694dbe9d 100644 --- a/docs/authentication.md +++ b/docs/authentication.md @@ -18,6 +18,12 @@ - [OAuth Services](#oauth-services) - [Auth on Cloud Hosting Services](#static-site-hosting-providers) + +> [!IMPORTANT] +> Dashy's built-in auth is not indented to protect a publicly hosted instance against unauthorized access. Instead you should use an auth provider compatible with your reverse proxy, or access Dashy via your VPN. +> +> In cases where Dashy is only accessibly within your home network, and you just want to add a login page, then the built-in auth may be sufficient, but keep in mind that configuration can still be accessed. + ## Built-In Auth Dashy has a basic login page included, and frontend authentication. You can enable this by adding users to the `auth` section under `appConfig` in your `conf.yml`. If this section is not specified, then no authentication will be required to access the app, and the homepage will resolve to your dashboard.