Comments (3)
tobiemh
commented on April 28, 2024
4
Hey @Jayuda thanks so much for this issue submission 👍. We've actually been discussing this on the SurrealDB Discord.
The database currently allows connecting and querying from unauthenticated users (albeit they won't be able to see data which has not been allowed using PERMISSIONS).
We're thinking about adding in functionality to only allow requests from AUTHENTICATED user sessions, and to deny UNAUTHENTICATED sessions. This means a developer/user of SurrealDB would. be able to completely disallow any unauthenticated session from running any query (even those that don't actually query table data, like the example you gave).
from surrealdb.
Jayuda
commented on April 28, 2024
3
thanks for responding to this issue. hopefully it can be added soon so that surrealdb can be more stable and secure.
from surrealdb.
tobiemh
commented on April 28, 2024
1
It is now possible to completely deny access to anonymous and unauthenticated users with #2547, and in addition it's now possible to set the function and query capabilities of a SurrealDB instance with #2489 🚀 🎉 😃 !
from surrealdb.
Related Issues (20)
- Feature: version command should print detailed information about the binary
- Bug: unresolved import `crate::fflags` in version 1.3.0 with kv-rocksdb feature enabled HOT 3
- Performance issue: array / result set operations are slow HOT 1
- Bug: Graph query does not work when selecting uncreated node HOT 1
- Bug: index not working when fetching data with relation
- Bug: Very different behaviour across backend engines, with rocksdb and tikv not working
- Bug: constant attempts to connect to localhost:4317 HOT 2
- Bug: new beta show error on server stop
- Bug: Throw syntax error when using multiple PERMISSIONS statements when defining a table
- Feature: allow inclusive range query (array as id) where you only have to specify first elements and succeeding with NONE
- Bug: can not build on woa(windows on arm64) HOT 1
- Feature: Improve KILL parameter error
- Bug: Ordering of JWT appears to break authentication
- Bug: Transaction sends CREATE to the LIVE-UUID even when the transaction Throws. HOT 2
- Bug: ORDER BY is causing a big performance impact HOT 9
- DEFAULT_TICK_INTERVAL is guarded by `sql2` feature in wasm HOT 2
- Feature: vector::mean() aggregate function
- Feature: Return Error when Permissions Block Action
- Bug: hidden time cost proportional to the input size in SurrealQL HOT 3
- Feature: SurrealQL array::create() and array::fill()
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from surrealdb.