john-bodley edited a comment on issue #13954:
URL: https://github.com/apache/superset/issues/13954#issuecomment-816239312


   TL;DR Feature request changes to remedy security vulnerabilities 
   
   Though the reporting and alerting feature is great and I can understand the 
desire for Slack integrations for alerting etc., I and others sense this 
exposes a fairly major data security vulnerability, i.e., users could be 
exposed (via email or Slack) to information which they do not have permission 
to via the Superset UI. 
   
   Ensuring Superset adheres to the defined security policy should trump any 
desired functionality. Superset needs to have a sound conscience and do the right 
thing; any downstream actions taken by individuals, i.e., forwarding of emails 
etc., are outside of Superset's jurisdiction. I propose the following changes 
should be made with the understanding that functionality will be impacted:
   
   1. The Slack and generic email notification methods be disabled. This 
exposes a fairly major security vulnerability as Superset has no a priori 
knowledge of which individuals are members of said Slack or email group.
   2. Recipients should be Superset users (see screenshot). Users are emailed 
content according to the email registered in their profile.
   3. The screenshots are captured on behalf of each user. This ensures what 
they receive is _identical_ to their interactive Superset experience. Though 
this requires more requests, if run sequentially the chart payloads will be 
cached and thus the overhead should be manageable. Note this is a more 
desirable user experience than checking whether said user can access the entire 
dashboard in question and attaching the image only if this is the case.
   
   These changes should be fairly minor in terms of engineering work and do 
remedy the security issues. Down the road we can explore how we could integrate 
with Slack et al. in a more secure way.   
   
   ### Screenshots
   
   #### Before 
   
   <img width="1137" alt="Screen Shot 2021-04-09 at 9 07 52 AM" 
src="https://user-images.githubusercontent.com/4567245/114099335-b9c5a480-9916-11eb-95dd-79d82ed6840f.png">
   
   #### After
   
   <img width="1139" alt="Screen Shot 2021-04-09 at 9 12 17 AM" 
src="https://user-images.githubusercontent.com/4567245/114099373-c813c080-9916-11eb-90cc-8b2b4d9c8093.png">
   
   cc: @graceguo-supercat @junlincc @nytai @willbarrett @zuzana-vej 


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[email protected]
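The three changes proposed in the comment above (recipients must be Superset users, delivery goes to the profile email, and the screenshot is rendered per recipient under that recipient's own permissions) can be modelled end to end in a few dozen lines. The following is an added example written for this page; it is not Superset code and does not use Superset's API. It assumes a toy permission model in which each user's roles grant all-or-nothing access to a set of named datasources, uses a dictionary of chart payloads as a stand-in for a screenshot, and puts the "before" pattern (one image rendered as the report owner and sent to arbitrary addresses or a channel) next to the per-user path so that an audit function can show exactly which deliveries carry data the recipient could not have seen in the UI. Users, datasources, charts and addresses are all constructed sample data.

```python
"""Per-recipient report rendering: added illustration of the proposal above.

Not Superset code. The permission model (role -> datasources), the
screenshot stand-in and all sample data are assumptions for this example.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional, Tuple

DENIED = "ACCESS DENIED"  # what the interactive UI shows for a chart the user cannot query


@dataclass(frozen=True)
class User:
    username: str
    email: str                   # address registered in the user's profile
    datasources: FrozenSet[str]  # datasources the user's roles grant access to


@dataclass(frozen=True)
class Chart:
    name: str
    datasource: str


@dataclass(frozen=True)
class Dashboard:
    name: str
    charts: Tuple[Chart, ...]


# Constructed sample data (hypothetical users, datasets and addresses).
REVENUE = Chart("quarterly_revenue", "finance.revenue")
TRAFFIC = Chart("site_traffic", "web.pageviews")
DASHBOARD = Dashboard("exec_summary", (REVENUE, TRAFFIC))
DIRECTORY: Dict[str, User] = {
    "alice": User("alice", "alice@example.com", frozenset({"finance.revenue", "web.pageviews"})),
    "bob": User("bob", "bob@example.com", frozenset({"web.pageviews"})),
}


class PayloadCache:
    """Caches chart payloads so sequential per-user renders run each query once.

    Keyed on chart + datasource, which is only sound because access here is
    all-or-nothing per datasource. If row-level security filtered rows per user,
    the key would have to include the user's security context, or rows fetched
    for one recipient would be served to the next.
    """

    def __init__(self) -> None:
        self.store: Dict[Tuple[str, str], str] = {}
        self.queries = 0  # number of times the (simulated) query actually ran

    def payload(self, chart: Chart) -> str:
        key = (chart.name, chart.datasource)
        if key not in self.store:
            self.queries += 1
            self.store[key] = f"rows-from({chart.datasource})"  # stands in for a query
        return self.store[key]


def render_for_user(dashboard: Dashboard, user: User, cache: PayloadCache) -> Dict[str, str]:
    """Screenshot stand-in: the dashboard exactly as this user sees it in the UI.

    Charts on datasources the user lacks render as the same placeholder the UI
    shows, rather than dropping the whole dashboard or leaking the chart.
    """
    return {
        chart.name: cache.payload(chart) if chart.datasource in user.datasources else DENIED
        for chart in dashboard.charts
    }


def resolve_recipients(usernames: List[str], directory: Dict[str, User]) -> List[User]:
    """Recipients must be Superset users; free-form addresses or channels are rejected."""
    unknown = [name for name in usernames if name not in directory]
    if unknown:
        raise ValueError(f"not Superset users: {unknown}")
    return [directory[name] for name in usernames]


def dispatch_report(dashboard: Dashboard, usernames: List[str], directory: Dict[str, User],
                    cache: Optional[PayloadCache] = None) -> List[Tuple[str, Dict[str, str]]]:
    """Proposed path: render once per recipient, deliver to the profile email."""
    cache = cache or PayloadCache()
    return [(user.email, render_for_user(dashboard, user, cache))
            for user in resolve_recipients(usernames, directory)]


def dispatch_shared_screenshot(dashboard: Dashboard, owner: User,
                               addresses: List[str]) -> List[Tuple[str, Dict[str, str]]]:
    """The pattern the comment objects to: one image rendered as the report owner,
    sent to arbitrary addresses or a channel whose membership Superset cannot see."""
    image = render_for_user(dashboard, owner, PayloadCache())
    return [(address, image) for address in addresses]


def leaked(dashboard: Dashboard, deliveries: List[Tuple[str, Dict[str, str]]],
           directory: Dict[str, User]) -> List[Tuple[str, str]]:
    """Audit: (recipient, chart) pairs carrying data the recipient could not see in the UI.

    A recipient without a Superset profile is outside the security model, so every
    chart delivered to it is counted.
    """
    by_email = {user.email: user for user in directory.values()}
    datasource_of = {chart.name: chart.datasource for chart in dashboard.charts}
    found = []
    for address, image in deliveries:
        user = by_email.get(address)
        for chart_name, body in image.items():
            if body == DENIED:
                continue
            if user is None or datasource_of[chart_name] not in user.datasources:
                found.append((address, chart_name))
    return found
```

Running `dispatch_shared_screenshot(DASHBOARD, DIRECTORY["alice"], ["bob@example.com", "#exec-channel"])` through `leaked` reports the revenue chart reaching bob and both charts reaching the channel, while `dispatch_report(DASHBOARD, ["alice", "bob"], DIRECTORY)` reports nothing and, with a shared cache, runs each chart's query only once across both recipients, which is the caching argument made in item 3. The comment in `PayloadCache` is the caveat to carry into a real implementation: the cache key must capture every input the permission check depends on.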



---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
