This is an automated email from the ASF dual-hosted git repository.
dpgaspar pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/superset.git
The following commit(s) were added to refs/heads/master by this push:
new 74ff8dc724 docs: Add note on SQL execution security considerations
(#33210)
74ff8dc724 is described below
commit 74ff8dc7249bb52f54592f2dc22f2805221f7a56
Author: sha174n <[email protected]>
AuthorDate: Wed Apr 23 13:58:33 2025 +0100
docs: Add note on SQL execution security considerations (#33210)
---
docs/docs/security/security.mdx | 20 ++++++++++++++++++++
1 file changed, 20 insertions(+)
diff --git a/docs/docs/security/security.mdx b/docs/docs/security/security.mdx
index d665547760..1b2aa8fd24 100644
--- a/docs/docs/security/security.mdx
+++ b/docs/docs/security/security.mdx
@@ -64,6 +64,26 @@ tables in the **Permissions** dropdown. To select the data
sources you want to a
You can then confirm with users assigned to the **Gamma** role that they see
the
objects (dashboards and slices) associated with the tables you just extended
them.
+### SQL Execution Security Considerations
+
+Apache Superset includes features designed to provide safeguards when
interacting with connected databases, such as the `DISALLOWED_SQL_FUNCTIONS`
configuration setting. This aims to prevent the execution of potentially
harmful database functions or system variables directly from Superset
interfaces like SQL Lab.
+
+However, it is crucial to understand the following:
+
+**Superset is Not a Database Firewall**: Superset's built-in checks, like
`DISALLOWED_SQL_FUNCTIONS`, provide a layer of protection but cannot guarantee
complete security against all database-level threats or advanced bypass
techniques (like specific comment injection methods). They should be viewed as
a supplement to, not a replacement for, robust database security.
+
+**Configuration is Key**: The effectiveness of Superset's safeguards heavily
depends on proper configuration by the Superset administrator. This includes
maintaining the `DISALLOWED_SQL_FUNCTIONS` list, carefully managing feature
flags (like `ENABLE_TEMPLATE_PROCESSING`), and configuring other security
settings appropriately.
+
+**Database Security is Paramount**: The ultimate responsibility for securing
database access, controlling permissions, and preventing unauthorized function
execution lies with the database administrators (DBAs) and security teams
managing the underlying database instance.
+
+**Recommended Database Practices**: We strongly recommend implementing
security best practices at the database level, including:
+* **Least Privilege**: Connecting Superset using dedicated database user
accounts with the minimum permissions required for Superset's operation
(typically read-only access to necessary schemas/tables).
+* **Database Roles & Permissions**: Utilizing database-native roles and
permissions to restrict access to sensitive functions, system variables (like
`@@hostname`), schemas, or tables.
+* **Network Security**: Employing network-level controls like database
firewalls or proxies to restrict connections.
+* **Auditing**: Enabling database-level auditing to monitor executed queries
and access patterns.
+
+By combining Superset's configurable safeguards with strong database-level
security practices, you can achieve a more robust and layered security posture.
+
### REST API for user & role management
Flask-AppBuilder supports a REST API for user CRUD,
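Review bot: In the "Configuration is Key" paragraph, `ENABLE_TEMPLATE_PROCESSING` is named as a flag to manage carefully, but the text never says which state is the safer one or how the flag relates to SQL execution. The same paragraph also does not say where `DISALLOWED_SQL_FUNCTIONS` is set or what maintaining the list involves. Please add one sentence per setting, or a link to the configuration docs, so an administrator can act on this section without searching the code base. Two smaller points in the same hunk: the parenthetical "(like specific comment injection methods)" under "Superset is Not a Database Firewall" is too vague to help a reader, so either reword it as a plain statement of the limitation or drop it; and the `@@hostname` example under "Database Roles & Permissions" is MySQL-style syntax, which is worth labelling since the section is written for every engine Superset connects to. As a style point, the "Recommended Database Practices" line runs straight into the `*` list with no blank `+` line between them, unlike the other paragraphs in the section; adding one keeps the rendering consistent across Markdown parsers.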