We have done a lot of work on both client-side (SQL editor, rendered vega) and server-side (altair- ibis, pymapd) connections to omnisci databases. A few of these interactions involve sending connection credentials to the frontend, which can then be stored in the notebook. In general, it is not good practice to store credentials in notebooks, as it presents a security risk. There are a couple of ways we can address this:
Still send the credentials over the wire, but delete them on the frontend after we are done. This may be enough, but is probably not 100% secure. If there are other frontends that are receiving the data but not using our client-side code, it would be persisted (time estimate ~4 hours)
Refactor our notebook widgets to use Comms/ipywidgets. They can then make a request to the server for the data they need without storing authentication credentials. This is probably the more secure option (time estimate ~12 hours)
I don't know whether these fit cleanly in our current SOW, but I think it is probably important to address at some point.
We have done a lot of work on both client-side (SQL editor, rendered vega) and server-side (altair- ibis, pymapd) connections to omnisci databases. A few of these interactions involve sending connection credentials to the frontend, which can then be stored in the notebook. In general, it is not good practice to store credentials in notebooks, as it presents a security risk. There are a couple of ways we can address this:
I don't know whether these fit cleanly in our current SOW, but I think it is probably important to address at some point.