This is an automated email from the ASF dual-hosted git repository.

dpgaspar pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/superset.git


The following commit(s) were added to refs/heads/master by this push:
     new 74ff8dc724 docs: Add note on SQL execution security considerations (#33210)
74ff8dc724 is described below

commit 74ff8dc7249bb52f54592f2dc22f2805221f7a56
Author: sha174n <[email protected]>
AuthorDate: Wed Apr 23 13:58:33 2025 +0100

    docs: Add note on SQL execution security considerations (#33210)
---
 docs/docs/security/security.mdx | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/docs/docs/security/security.mdx b/docs/docs/security/security.mdx
index d665547760..1b2aa8fd24 100644
--- a/docs/docs/security/security.mdx
+++ b/docs/docs/security/security.mdx
@@ -64,6 +64,26 @@ tables in the **Permissions** dropdown. To select the data 
sources you want to a
 You can then confirm with users assigned to the **Gamma** role that they see 
the
 objects (dashboards and slices) associated with the tables you just extended 
them.
 
+### SQL Execution Security Considerations
+
+Apache Superset includes features designed to provide safeguards when 
interacting with connected databases, such as the `DISALLOWED_SQL_FUNCTIONS` 
configuration setting. This aims to prevent the execution of potentially 
harmful database functions or system variables directly from Superset 
interfaces like SQL Lab.
+
+However, it is crucial to understand the following:
+
+**Superset is Not a Database Firewall**: Superset's built-in checks, like 
`DISALLOWED_SQL_FUNCTIONS`, provide a layer of protection but cannot guarantee 
complete security against all database-level threats or advanced bypass 
techniques (like specific comment injection methods). They should be viewed as 
a supplement to, not a replacement for, robust database security.
+
+**Configuration is Key**: The effectiveness of Superset's safeguards heavily 
depends on proper configuration by the Superset administrator. This includes 
maintaining the `DISALLOWED_SQL_FUNCTIONS` list, carefully managing feature 
flags (like `ENABLE_TEMPLATE_PROCESSING`), and configuring other security 
settings appropriately.
+
+**Database Security is Paramount**: The ultimate responsibility for securing 
database access, controlling permissions, and preventing unauthorized function 
execution lies with the database administrators (DBAs) and security teams 
managing the underlying database instance.
+
+**Recommended Database Practices**: We strongly recommend implementing 
security best practices at the database level, including:
+* **Least Privilege**: Connecting Superset using dedicated database user 
accounts with the minimum permissions required for Superset's operation 
(typically read-only access to necessary schemas/tables).
+* **Database Roles & Permissions**: Utilizing database-native roles and 
permissions to restrict access to sensitive functions, system variables (like 
`@@hostname`), schemas, or tables.
+* **Network Security**: Employing network-level controls like database 
firewalls or proxies to restrict connections.
+* **Auditing**: Enabling database-level auditing to monitor executed queries 
and access patterns.
+
+By combining Superset's configurable safeguards with strong database-level 
security practices, you can achieve a more robust and layered security posture.
+
 ### REST API for user & role management
 
 Flask-AppBuilder supports a REST API for user CRUD,
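
Review bot: In the "Configuration is Key" paragraph, `DISALLOWED_SQL_FUNCTIONS` and `ENABLE_TEMPLATE_PROCESSING` are named without saying where they are set or what state is recommended, so an administrator cannot act on "maintaining the list" or "carefully managing feature flags" from this section alone. Suggest adding a sentence or link that points to where each setting is configured and states the recommended state of the feature flag. In the "Database Roles & Permissions" bullet, `@@hostname` is MySQL-style syntax, so it would help to say it is one engine's example. The parenthetical "like specific comment injection methods" in the "Superset is Not a Database Firewall" paragraph is vague; either describe the class of input the function list cannot catch or drop the parenthetical. As a style point, the four bold-led paragraphs after "it is crucial to understand the following:" read as a list and could be bulleted to match the list under "Recommended Database Practices", which would also benefit from a blank line before its first `*` item.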
