Sensitive data can be exposed via API request to query results without any authorization #6026
Comments
|
That seems like expected behavior. Using one of those query URLs is a pretty common pattern of making a page available to anyone who has the unique URL, but yet is sufficiently complex that no one can guess it. If you want to provide access to queries without passing a token in the URL, you should use user tokens which are passed as a header when making API calls to queries.
|
|
@phillipjohnson I would like to request the following settings if this is the intended behavior:
Kindly guide me on how I can acquire these preferences. |
|
@iholoviy I'm just another user, but I can at least let you know that the database stores query executions in the The UI lets you cycle tokens for users and I agree having that functionality for the query makes sense too. |
Issue Summary
Anybody in my team can easily expose sensitive data by sharing the URL with API requests to query results. Users can click on this URL and receive query results without any authorization. Moreover, it is not possible to revoke access to query results shared in such a way. It's not even possible to identify which queries were shared in such a way. So, once the URL has been shared, you can't do anything apart from delete of query and clean up the query result.
Please note that when we are sharing the dashboard, there is a clear message that it will be publicly available. It may be worth adding something similar for query results to emphasize that query results will also be publicly available.
Steps to Reproduce
Expected result:
There should be an additional layer of security that can eliminate exposing URLs to query results with sensitive data:
Or at least there should be a way how to track such shared query results and revoke access to them.
Technical details:
The text was updated successfully, but these errors were encountered: