Is it dangerous if an n8n workflow can be run by a user?
from SpiderUnderUrBed@lemmy.zip to selfhosted@lemmy.world on 10 Apr 22:23
https://lemmy.zip/post/62321223

I just finished making a site. It has multiple ways emails are stored. I made an n8n workflow that gets the stored emails, checks if each one has not been added to a spreadsheet before, deduplicates it, then adds it to a spreadsheet. This workflow runs any time a new email is submitted. This is my first time using n8n. Is this dangerous, in the sense that an n8n workflow that can be triggered directly by users can very easily cause massive usage spikes in memory, etc., when it's dependent on what a user can do, even if I rate-limit it, because I don't know the overhead n8n has? It also takes a minute for the workload to finish.

#selfhosted

infeeeee@lemmy.zip on 10 Apr 22:45

What is n8n?

irmadlad@lemmy.world on 10 Apr 23:17

n8n is a self-hosted automation platform that allows ‘visual’ block-type ‘programming’ along with minimal code. There are two flavors: with AI or without AI.

n8n.io

ETA: I have no idea why people are downvoting you.

frongt@lemmy.zip on 10 Apr 22:59

I’m not familiar with n8n, but any time you accept user input, it’s dangerous. What happens if a user submits 10,000 emails per second? What if they submit user@example.com'; DROP TABLE emails; --, or whatever the n8n equivalent of SQL injection is? What if they submit ,? What if they submit a blank field? What if they submit completely invalid random binary data? What if they submit a very, very, very long email address?

irmadlad@lemmy.world on 10 Apr 23:19

If you are asking whether you should expose n8n to the public or if you gave your friend access, yes, I would definitely classify that as dangerous. In your case, user submits email and something happens. As @frongt@lemmy.zip said, a user could submit any number of things via email that could/would cause issues.
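
The input cases listed in frongt's comment, as an added example that is not part of the thread: a gate that runs before the slow workflow is triggered and rejects blank, binary, oversized, malformed and duplicate submissions, with a per-client rate limit. The names `validateEmail`, `makeLimiter` and `makeGate` and all limits are assumptions for illustration, not n8n APIs.

```javascript
// Added example: hypothetical helpers, not n8n APIs. Runs in plain Node.js.
const MAX_EMAIL_LENGTH = 254;
// Strict on purpose: one "@", no spaces, quotes, semicolons or commas.
// Validation narrows input; storage should still use parameterized queries.
const EMAIL_RE = /^[A-Za-z0-9._%+-]{1,64}@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$/;

function validateEmail(raw) {
  if (typeof raw !== 'string') return { ok: false, reason: 'not-a-string' };
  // Length first, so a very long input is rejected before any other work.
  if (raw.length > MAX_EMAIL_LENGTH) return { ok: false, reason: 'too-long' };
  const value = raw.trim().toLowerCase();
  if (value === '') return { ok: false, reason: 'blank' };
  if (/[^\x20-\x7e]/.test(value)) return { ok: false, reason: 'non-printable' };
  if (!EMAIL_RE.test(value)) return { ok: false, reason: 'bad-syntax' };
  return { ok: true, value };
}

// Fixed-window limiter per client key (for example the source IP).
function makeLimiter(maxPerWindow, windowMs, now = Date.now) {
  const windows = new Map(); // key -> { start, count }
  return function allow(key) {
    const t = now();
    const w = windows.get(key);
    if (w && t - w.start < windowMs) return ++w.count <= maxPerWindow;
    // Drop expired windows so the limiter's own memory stays bounded.
    for (const [k, v] of windows) if (t - v.start >= windowMs) windows.delete(k);
    windows.set(key, { start: t, count: 1 });
    return true;
  };
}

// Decide whether a submission may start the (slow) workflow at all.
function makeGate({ maxPerWindow = 5, windowMs = 60000, now = Date.now } = {}) {
  const allow = makeLimiter(maxPerWindow, windowMs, now);
  const seen = new Set(); // stand-in for the "already in the spreadsheet" lookup
  return function gate(clientKey, rawEmail) {
    if (!allow(clientKey)) return { trigger: false, reason: 'rate-limited' };
    const v = validateEmail(rawEmail);
    if (!v.ok) return { trigger: false, reason: v.reason };
    if (seen.has(v.value)) return { trigger: false, reason: 'duplicate' };
    seen.add(v.value);
    return { trigger: true, email: v.value };
  };
}
```

Only a `trigger: true` result would be forwarded to the workflow, so rejected submissions cost a few string checks rather than a minute-long run.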