Ability to limit/restrict what domains are queryable

[WillNilges]

I'd love to use this extension in my project, but I am concerned with the safety of allowing queries to any domain. I trust my users to have read access, but I don't trust them not to accidentally query a bad domain that could harm the health of my system. Would it be possible to have some kind of restriction on what domains are queryable? The only thing I want to do is query another API we have from the database.

[pramsey]

Seems like a reasonable GUC to have, maybe a regex pattern to whitelist against. In the short term, having a single trusted system user that can run the function, rather than allowing all users access to it would seem a ok workaround?

[WillNilges]

Thanks for the response!

TL;DR: Multiple people need access in a way that makes having one user able to run the function difficult (but perhaps not impossible?), because we give these people read-only access, maybe it's OK, but having that whitelist would bring peace of mind :)

Having a single trusted system user

Our usecase is kinda weird: We have a django app that our volunteers need to have read-only access to, and that django app has a "sql explorer" through which we offer a read-only user. So multiple people have access, but only to this "read only" set of credentials.

Maybe having this extension is OK, because the credentials are read-only (You can only execute SELECT statements). But I am ignorant of Postgres security so I don't know if it might be possible to serve a malicious payload from an endpoint, then use this extension to exploit the database.

If we guarantee that only one domain can be queried (the API we JOIN against), that would eliminate that attack surface.

[pramsey]

Actually, even better, just write a very small function that only takes the query parts of your JSON API, and then builds up the URL from those parts. Only give your users access to that function.

[WillNilges]

Ooh very interesting! It's possible to offer a role access to a function, but not an extension? That would totally work!

I can do research on my own but if you have any docs to link, that would be much appreciated!