Configuration for disabling database, schema and tables listing #741
Comments
|
ye now it is open, but if you connect to a cloud provider you'll also be able to see all other DBs there, so It should be possible for us but it has to be configurable, since some users use this endpoint now for healthcheck and other purposes. |
|
What do you think about adding a ? |
I'm not sure this is the best approach, sure would work but we'd rather have a better user-management permissions system than adding possible tech debt. I'm not trying to be harsh or anything, lets just ensure that we have the best scalable solution to our users, this is definitaly something that we want to work on the near future. |
|
I know you are not being harsh, no worries at all! I'm bringing it up so we can discuss it together. Can't we build something as a temporary solution and then change it to stick to the new user system, as we are still solving the problem with multi-database management? |
|
we could, but the problem with temporary solutions is that once people start relying on that It is very hard to make them migrate, so this has the potential of having users stuck to a version that they cannot migrate from due to this feature. I'm ok with having this new optional middleware, as long as it is explicitly documented that this will disapear soon and people should not rely on it. |
|
@avelino what are your thoughts? |
As I work with confidential data, I would like to protect a malicious user from knowing my database, tables, and schema. We already have the possibility of blocking access to tables contents, but I didn't found anything, i.e., regarding blocking access to the /database endpoint.
The text was updated successfully, but these errors were encountered: