Hi, @KennethLavrsen maybe you want to vote for this feature request to give more visibility to this “problem”.
Personally, I don’t need the remote access via Nabucasa, but I am happy to support it to promote the project and Nabucasa’s TSS service. I think it’s a pity that this feature can’t be completely disabled and I would be happy if it would be implemented. Alternatively, it would also be desirable if at least a 2FA auth was available on Nabucasa to increase the security of remote access.
@KennethLavrsen - Thanks for linking to this post from Disclosure: Supervisor security vulnerability - #128 by KennethLavrsen
I didn’t even know that this was possible! and agree given the vulnerability that was just patched its insane that this post from 2020 didn’t have more visibility from people and the devs not acting on this.
Same as a few others, I have now disabled connection to NabuCasa from my instance all together until such time that this is isolation is implemented. You should never be able to overwrite your local instance settings from the cloud! I fail to see where this is needed.
I will carry on paying the NabuCasa subscription as i value the project and wish to support.
For now I have upvoted this feature, hope others follow suit to gain more visibility on this topic.