grafana-simple-sql-datasource

SQL Password sent in clear text

Open nanohayder opened this issue 7 years ago • 2 comments

Thank you so much for this great plugin. It helped us a lot, but we have one issue with it: the SQL credentials, the DB name and the DB IP are all sent in the URL in clear text. Even if it's encrypted, it will show up on the client side in the developer tools. Is there anything we can do so that we only send a request for the data without the credentials? If it can be done using a proxy and all the data is handled from the client side, that would be even better.

Thanks

nanohayder Oct 11 '17 09:10

Hi @nanohayder,

We can think about having a settings file for this, so you define a datasourceid in the URL instead of the whole connection string. Currently (not sure), when it is set as a Proxy datasource, a non-admin user should not be able to see it, as it is the Grafana backoffice running the request, not the client. If it's set as Direct, it is the browser running the request.

gbrian Oct 13 '17 10:10

Hi @gbrian

I think if we can't make it a proxy and it has to be direct, then I think we need to add authentication to the request, the same as Grafana has done with the MySQL driver: they are sending the query with an id for the data source, but the request is authenticated using Grafana.

Thanks

nanohayder Oct 14 '17 06:10
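
The approach discussed in this thread (a datasource id in the URL, resolved against a server-side settings file, with the request authenticated) can be illustrated as follows. This is an added example, not code from the plugin or from either commenter; `SETTINGS`, `resolveRequest`, `describeForClient` and the `ds`/`q` parameter names are hypothetical, and the settings values are constructed.

```javascript
// Added illustration; not code from grafana-simple-sql-datasource.
// Constructed stand-in for a server-side settings file: credentials stay here
// and are never placed in a URL or returned to the browser.
const SETTINGS = {
  'sales-db': { server: 'db.internal.example', database: 'sales', user: 'report_ro', password: 'constructed-secret' },
};

// Query parameter names that indicate a client is still sending connection details.
const FORBIDDEN = ['password', 'pwd', 'user', 'username', 'server', 'host', 'database', 'connectionstring'];

// Resolve an incoming request URL to { status, connection?, query?, error? }.
// isAuthenticated is the outcome of whatever session check fronts the endpoint (assumed).
function resolveRequest(rawUrl, isAuthenticated, settings = SETTINGS) {
  const url = new URL(rawUrl, 'http://localhost');
  const names = [...url.searchParams.keys()].map((k) => k.toLowerCase());
  const leaked = names.filter((k) => FORBIDDEN.includes(k));
  if (leaked.length > 0) {
    // Reject outright so a misconfigured client is noticed instead of silently tolerated.
    return { status: 400, error: `connection details not accepted in URL: ${leaked.join(', ')}` };
  }
  if (!isAuthenticated) return { status: 401, error: 'authentication required' };
  const id = url.searchParams.get('ds');
  // hasOwnProperty avoids matching inherited keys such as "constructor".
  if (!id || !Object.prototype.hasOwnProperty.call(settings, id)) {
    return { status: 404, error: 'unknown datasource id' };
  }
  return { status: 200, connection: settings[id], query: url.searchParams.get('q') };
}

// What may be logged or sent back to the browser: the id only, never the connection.
function describeForClient(result, id) {
  return result.status === 200
    ? { status: 200, datasource: id }
    : { status: result.status, error: result.error };
}
```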