Comments (7)

lmangani commented on August 16, 2024

Hi @foxx and thanks for your valuable comments and input.

The current "external" sources in the H5 UI are intended as an initial hook for others to pick up and extend/develop/contribute, and are by no means a final solution, unlike the core functionality and internal database hooks, which are stable and rock solid. We have used these foundations ourselves to deliver custom solutions to our customers with a great degree of success already. In the current design the browser is the query client and should consequently be given ad hoc credentials and pointed at a local proxy that handles the actual authentication towards the backend. This is the case until the methods are extended with an API pass-through; either way this leaves a lot of space for improvement, which we hope someone will step up for and/or sponsor. Pull requests are extremely welcome anytime ;)

from homer-api.

adubovikov commented on August 16, 2024

This is not a MySQL query, but a query to InfluxDB.

foxx commented on August 16, 2024

Okay, but why is it sending backend credentials to the browser? Surely you should be proxying these queries, rather than exposing a single user login to every user?

adubovikov commented on August 16, 2024

InfluxDB's design?

https://docs.influxdata.com/influxdb/v0.9/administration/authentication_and_authorization/

https://docs.influxdata.com/influxdb/v0.8/api/reading_and_writing_data/

foxx commented on August 16, 2024

Actually no, this is not the intended use. You haven't exposed any capability for configuring individual users per database driver in the frontend. This forces Homer users to have a single user which is shared across all users, which is not the design pattern that InfluxDB devs intended, and I'm surprised that you feel this is an acceptable approach.

For starters, if you remove a user from Homer then they will still have the shared credentials, forcing you to either reset the password every time you remove a user, or accept the risk that users with their access removed can still access the database.

adubovikov commented on August 16, 2024

Sorry, but you can create a read-only user? Or do I understand something wrong?

If you check InfluxDB's chart you will see that it makes a direct query without using Homer's API. Do you have another solution for how to do it better?

foxx commented on August 16, 2024

It doesn't matter if the user is read-only; the basic principle is that a single database user/password is being shared by multiple users within Homer, making it impractical to achieve any sort of reliable access controls.

In almost all cases, it's better to create a lightweight API for the backend database, eliminating the need to expose direct query capabilities to the client app. However in situations where this is not feasible, e.g. you want the client to have query capabilities, then it's wise to proxy the request through your own API and apply the credentials in the backend. It would also be wise to only allow certain query types, if your database user doesn't have the appropriate ACLs.

Alternatively, you could look at adding credentials management into Homer on a per user basis, but the UX quickly becomes unmanageable, in my previous experience.

Allowing remote query execution with InfluxDB carries much the same risks as doing it in MySQL, and unless you absolutely trust the user (which isn't always the case), then exposing these capabilities is unwise.

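The proxying pattern described in the comment above, written out as an added example; this is not code from homer-api or its authors. The browser sends only its own Homer session token and the InfluxQL it wants to run; the server checks the session, allowlists the statement (single statement, SELECT or SHOW only, no write or account keywords) and attaches the InfluxDB credentials from its own configuration, so they never reach the client and revoking a Homer user does not require rotating the shared database password. Host names, user names, tokens and the `homer_ro` account are constructed for illustration; the `/query?db=&q=&u=&p=` request shape is the InfluxDB 0.9+ HTTP API that the linked documentation describes.

```python
"""Added example: a minimal server-side query proxy for InfluxDB.

The browser never sees the backend user/password; it authenticates to Homer,
and Homer forwards an allowlisted, read-only query with its own credentials.
All hosts, users and tokens here are constructed sample values.
"""
import re
from urllib.parse import urlencode

# Backend credentials live in server config only (constructed values).
# Pair this with a read-only InfluxDB user (GRANT READ ON homer TO homer_ro)
# so the database itself enforces what the keyword filter only approximates.
INFLUX_BACKEND = {
    "url": "http://influxdb.internal:8086",
    "user": "homer_ro",
    "password": "server-side-secret",
}

# Homer's own session store (constructed). Revoking a Homer user means
# deleting their token here; the InfluxDB password does not change.
SESSIONS = {"tok-alice": "alice", "tok-bob": "bob"}

# Only a single read statement may start the query.
READ_PREFIX = re.compile(r"(SELECT|SHOW)\b", re.I)
# Keywords that write, change state or disclose accounts (SELECT ... INTO
# writes, SHOW USERS/GRANTS leaks account names). Defence in depth only.
FORBIDDEN = re.compile(
    r"\b(INTO|DROP|DELETE|CREATE|ALTER|GRANT|REVOKE|KILL|USERS|GRANTS)\b", re.I
)


class QueryRejected(ValueError):
    """Raised when a client query does not pass the allowlist."""


def authenticate(token: str) -> str:
    """Map a Homer session token to a user; unknown or revoked tokens fail."""
    user = SESSIONS.get(token)
    if user is None:
        raise PermissionError("invalid or revoked session")
    return user


def validate_query(q: str) -> str:
    """Accept exactly one read-only InfluxQL statement, reject anything else."""
    q = q.strip().rstrip(";").strip()
    if not q or ";" in q:
        raise QueryRejected("exactly one statement is allowed")
    if not READ_PREFIX.match(q):
        raise QueryRejected("only SELECT and SHOW statements are allowed")
    hit = FORBIDDEN.search(q)
    if hit:
        raise QueryRejected(f"forbidden keyword: {hit.group(1).upper()}")
    return q


def is_allowed(q: str) -> bool:
    """Convenience wrapper: True if validate_query() would accept the query."""
    try:
        validate_query(q)
    except QueryRejected:
        return False
    return True


def build_backend_request(db: str, q: str) -> dict:
    """Build the /query request the proxy itself sends to InfluxDB (0.9+ API).
    The u/p parameters come from server config, never from the client."""
    params = {"db": db, "q": q,
              "u": INFLUX_BACKEND["user"], "p": INFLUX_BACKEND["password"]}
    return {"method": "GET",
            "url": f"{INFLUX_BACKEND['url']}/query?{urlencode(params)}",
            "params": params}


def handle_request(token: str, db: str, q: str) -> dict:
    """Proxy endpoint: who is asking -> is the query allowed -> forward it."""
    user = authenticate(token)
    safe_q = validate_query(q)
    req = build_backend_request(db, safe_q)
    req["audit"] = {"user": user, "db": db, "q": safe_q}  # log who ran what
    return req


if __name__ == "__main__":
    ok = handle_request("tok-alice", "homer",
                        "SELECT mean(value) FROM cpu WHERE time > now() - 1h")
    print("forwarding:", ok["url"])
    for bad in ("DROP DATABASE homer", "SELECT * INTO leak FROM cpu",
                "SELECT 1; DROP DATABASE homer", "SHOW USERS"):
        print("rejected:", bad, "->", is_allowed(bad))
```

The keyword filter is deliberately a second line of defence: the real access control is the read-only InfluxDB account behind the proxy, while the Homer session check is what lets you revoke an individual user without touching that shared account.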
