Comments (7)
Hi @foxx and thanks for your valuable comments and input.
The current "external" sources in H5 UI are intended as an initial hook for others to pick up and extend/develop/contribute and by no means a final solution, unlike the core functionality and internal database hooks, which are stable and rock solid. We've used the foundations ourselves to deliver custom solutions to our customers with a great degree of success already. The browser in the current design is the query client and consequently should be provided ad hoc credentials and pointed at a local proxy handling the actual authentication towards the backend. This is the case until the methods are extended with an API pass-through; either way, this leaves a lot of space for improvement, which we're hoping someone will step up and/or sponsor. Pull Requests are extremely welcome anytime ;)
from homer-api.
This is not a MySQL query, but a query to InfluxDB.
from homer-api.
Okay, but why is it sending backend credentials to the browser? Surely you should be proxying these queries, rather than exposing a single user login to every user?
from homer-api.
InfluxDB's design?
https://docs.influxdata.com/influxdb/v0.9/administration/authentication_and_authorization/
https://docs.influxdata.com/influxdb/v0.8/api/reading_and_writing_data/
from homer-api.
Actually no, this is not the intended use. You haven't exposed any capability for configuring individual users per database driver in the frontend. This forces Homer users to have a single user which is shared across all users, which is not the design pattern that InfluxDB devs intended, and I'm surprised that you feel this is an acceptable approach.
For starters, if you remove a user from Homer then they will still have the shared credentials, forcing you to either reset the password every time you remove a user, or accept the risk that users with their access removed can still access the database.
from homer-api.
Sorry, but you can create a read-only user? Or do I understand something wrong?
If you check InfluxDB's chart, you will see that it makes a direct query without using Homer's API. Do you have another solution for how to do it better?
from homer-api.
It doesn't matter if the user is read only, the basic principle is that a single database user/pass is being shared for multiple users within Homer, making it impractical to achieve any sort of reliable access controls.
In almost all cases, it's better to create a lightweight API for the backend database, eliminating the need to expose direct query capabilities to the client app. However, in situations where this is not feasible, e.g. you want the client to have query capabilities, then it's wise to proxy the request through your own API and apply the credentials in the backend. It would also be wise to only allow certain query types, if your database user doesn't have the appropriate ACLs.
Alternatively, you could look at adding credentials management into Homer on a per user basis, but the UX quickly becomes unmanageable, in my previous experience.
Allowing remote query execution with InfluxDB carries much the same risks as doing it in MySQL, and unless you absolutely trust the user (which isn't always the case), then exposing these capabilities is unwise.
from homer-api.
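The proxy approach described in the last comment, as an added example that is not part of the original thread or of Homer's code: the server checks the caller's own Homer account, allows only a single read statement, and attaches the backend credentials itself. `BACKEND`, `activeUsers` and `planUpstreamRequest` are hypothetical names, the credential values are constructed placeholders, and the upstream is assumed to be InfluxDB's `/query` endpoint with `db` and `q` parameters and HTTP Basic authentication.

```javascript
// Added example: BACKEND, activeUsers and planUpstreamRequest are hypothetical names.
// Backend credentials live only on the server; the values are constructed placeholders.
const BACKEND = {
  base: "http://127.0.0.1:8086",
  user: "homer_ro",
  pass: "example-only-secret",
  databases: new Set(["homer"]),
};

// Homer accounts that are currently enabled (stand-in for the real user/session store).
// Removing an account here revokes access without rotating the backend password.
const activeUsers = new Set(["alice"]);

// Conservative allowlist: exactly one read statement, no chaining, no SELECT ... INTO.
function isAllowedQuery(q) {
  if (typeof q !== "string") return false;
  const s = q.trim();
  if (s.length === 0 || s.length > 2000) return false;
  if (s.includes(";")) return false;              // no multi-statement requests
  if (!/^(select|show)\s/i.test(s)) return false; // read-only statement types only
  if (/\binto\b/i.test(s)) return false;          // SELECT ... INTO writes data
  return true;
}

// Turn a browser request into the upstream request, or a refusal.
function planUpstreamRequest(homerUser, clientParams) {
  if (!activeUsers.has(homerUser)) return { status: 401, error: "not authenticated" };
  const db = clientParams.get("db");
  const q = clientParams.get("q");
  if (!BACKEND.databases.has(db)) return { status: 403, error: "database not allowed" };
  if (!isAllowedQuery(q)) return { status: 403, error: "query type not allowed" };

  // Build the upstream URL from scratch so client-sent u/p or extra parameters are dropped.
  const url = new URL("/query", BACKEND.base);
  url.searchParams.set("db", db);
  url.searchParams.set("q", q.trim());
  const token = Buffer.from(`${BACKEND.user}:${BACKEND.pass}`).toString("base64");
  return { status: 200, url: url.toString(), headers: { Authorization: `Basic ${token}` } };
}
```

The allowlist is deliberately strict and will also reject a harmless query that contains `;` or the word `into` inside a string literal.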