Embedding Security


#1

Are there any plans to have any type of security around embedding? I’d love to use redash in our SAAS, but I really need to have some way of controlling access to the embedded graphs.

Alternatively is it possible if I self-host?


#2

What do you mean? Currently you need an API key to open an embed. Or are you referring to the situation with parameters in embeds?


#3

To be honest I’m also concerned/curious/slightly perplexed about the security aspect of embedding queries in our website. Security isn’t exactly my forte so I’d love to see a tutorial or simply an explanation of some kind that explicitly shows how (you could) go about securely embedding queries in a website that already has login/authentication of its own, so that not just anybody with the right URL could access the query.

Honestly, I’m sure it’s obvious/easy I’m just missing something. A bit thickheaded over here :slight_smile: