Wanted to add a “+1” to this conversation and confirm that the scenario of selecting from a set of predefined parameters would also work for our scenario: dashboards that are the same reports but varying by location, integrating the visualization into a product flow.
This ability would make Redash particularly suitable for those of us that want an unopinionated BI/reporting system that we can use as a data visualization extension of our products.
However, we do not have quite as strong a security requirement. For us this is just a convenience method for presenting slices of public-ish data.
We could make either option 1 or option 2 work (i.e. we could make a call with a private key to generate a secure token that could be used in a “signature check of the parameter”, assuming that is what you meant). Proposal 2 sounds to me like S3 presigned URLs conceptually: https://docs.aws.amazon.com/AmazonS3/latest/dev/ShareObjectPreSignedURL.html (which reminds me, you could probably include an expiry timestamp if you want a concept of a “session duration”).
FWIW: I feel that, for many users, you could also make the case that it was appropriate due diligence from a security standpoint to just sanitize everything that comes in over the query string. This would protect the data source itself, and would just require the person generating the dashboard share string to have some understanding of the data. To deal with the original scenario of customers not seeing each other’s data, the data itself could use a “crypto unique” or “unguessable” id space for the customer ids, which I think is almost equivalent because the proposals above still produce a URL that is “valid forever” (unless you add the timestamp). So maybe separate the concerns of SQL injection from the concerns of access authorization.
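As an added example (not code from this thread or from the Redash project), here is one way to implement the signed parameter URL with an expiry timestamp discussed above: the share-link generator signs the parameters plus an expiry with an HMAC, and the dashboard side only accepts parameters that verify and have not expired. The secret key, the `expires`/`sig` field names and the sample `location`/`report` parameters are assumptions for the illustration.

```python
import hashlib
import hmac
import time
from urllib.parse import parse_qsl, urlencode

# Constructed key for this example; a real deployment loads it from a secret store.
SECRET_KEY = b"example-dashboard-signing-key"


def sign_params(params, ttl_seconds, now=None, key=SECRET_KEY):
    """Return a query string carrying the parameters, an expiry time and an HMAC.

    The HMAC covers every parameter and the expiry, so neither the location id
    nor the expiry can be changed without invalidating the signature.
    """
    now = int(time.time()) if now is None else now
    payload = dict(params)
    payload["expires"] = str(now + ttl_seconds)
    canonical = urlencode(sorted(payload.items()))  # deterministic ordering
    sig = hmac.new(key, canonical.encode(), hashlib.sha256).hexdigest()
    return canonical + "&sig=" + sig


def verify_params(query, now=None, key=SECRET_KEY):
    """Return the verified parameters, or None if the query is forged or expired.

    Downstream code must use only the returned dict, never the raw query string,
    so that unsigned or duplicated fields can never reach the data source.
    """
    now = int(time.time()) if now is None else now
    fields = dict(parse_qsl(query, keep_blank_values=True))
    sig = fields.pop("sig", None)
    expires = fields.get("expires")
    if sig is None or expires is None or not expires.isdigit():
        return None
    canonical = urlencode(sorted(fields.items()))
    expected = hmac.new(key, canonical.encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison so response timing does not leak the signature.
    if not hmac.compare_digest(sig, expected):
        return None
    if now > int(expires):
        return None  # link is valid only for the "session duration"
    fields.pop("expires")
    return fields
```

The expiry is what turns a "valid forever" share link into a bounded one; without it, the signature alone only prevents tampering, not reuse.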