How n8n-nodes-base.code node is secured

Describe the problem/error/question

How exactly is the code node executed in terms of security? Is it executed in a sandbox? Do we have any protection from?
If I exclude this node, do other nodes depend on this node?

Information on your n8n setup

  • n8n version: latest
  • Database (default: SQLite): postgres
  • n8n EXECUTIONS_PROCESS setting (default: own, main):
  • Running n8n via (Docker, npm, n8n cloud, desktop app): docker
  • Operating system:

Well… you have n8n in Docker, so it's already a sandbox 🙂

What are the security issues you are thinking of?

I mean if someone can run a piece of code which connects to the databases and fetches sensitive data?

We have a dedicated sandbox setup for the code node, and the only access inside that node is the stuff we explicitly allow.

1 Like

@netroy thank you for sharing this info. Another question that just popped into my mind: are the nodes in the workflows executed as a separate process?

They currently do not, but this is something we are working on, to make sure that the process that a workflow executes as has the least possible privileges by running the process as nobody.
There is however no deadline for that change that we can commit to.

So as of now, all workflows run in the main thread? Is there a high-level architecture diagram somewhere to better understand it?

> So as of now, all workflows run in the main thread?

Yes, and this definitely has security and performance implications.
However, you can use n8n in queue mode, where the executions happen in a separate worker process/container.

I don’t think we have a high-level architecture diagram that covers this detail.

2 Likes
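
A sketch of the queue-mode setup mentioned in the reply above, written as a Docker Compose fragment. This is an added example, not posted by anyone in the thread and not n8n's reference configuration: the environment variable names are n8n settings, while the service names, image tags, credentials and the container hardening options are placeholders and assumptions.

```yaml
# Added example: n8n in queue mode, so executions happen in a separate
# worker container. All hostnames, tags and secrets are placeholders.
x-n8n-env: &n8n-env
  EXECUTIONS_MODE: queue
  QUEUE_BULL_REDIS_HOST: redis
  DB_TYPE: postgresdb
  DB_POSTGRESDB_HOST: postgres
  DB_POSTGRESDB_DATABASE: n8n
  DB_POSTGRESDB_USER: n8n
  DB_POSTGRESDB_PASSWORD: ${N8N_DB_PASSWORD}
  # Main and worker must share the same key to decrypt stored credentials.
  N8N_ENCRYPTION_KEY: ${N8N_ENCRYPTION_KEY}
  # Code node: keep both allowlists empty so user code cannot import
  # Node.js built-in modules or external npm packages.
  NODE_FUNCTION_ALLOW_BUILTIN: ""
  NODE_FUNCTION_ALLOW_EXTERNAL: ""
  # Optional: do not load the Code node at all
  # (assumption: no existing workflow uses it).
  # NODES_EXCLUDE: '["n8n-nodes-base.code"]'

# Assumed container hardening, applied to both n8n services.
x-hardening: &hardening
  cap_drop: [ALL]
  security_opt: ["no-new-privileges:true"]

services:
  n8n-main:
    image: docker.n8n.io/n8nio/n8n
    environment: *n8n-env
    <<: *hardening
    ports: ["5678:5678"]
    depends_on: [postgres, redis]
  n8n-worker:
    image: docker.n8n.io/n8nio/n8n
    command: worker          # starts the queue worker instead of the main process
    environment: *n8n-env
    <<: *hardening
    depends_on: [postgres, redis]
  redis:
    image: redis:7
  postgres:
    image: postgres:16
    environment:
      POSTGRES_DB: n8n
      POSTGRES_USER: n8n
      POSTGRES_PASSWORD: ${N8N_DB_PASSWORD}
```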

@netroy thank you for sharing all those inputs.
