Closed keenanjohnson closed 1 year ago
Is this still an issue? It looks like the front-end is making a request to the backend flask app for data. The backend has access to the token via an environment variable. It uses the token to access influxdb and returns the data to the front-end. The front-end does not have access or use the token.
Can we close this?
I think you are correct @grayjones ! Closed!
The current Ribbit Network dashboard exposes the Database Access Key as part of the Front End.
Although this is a read-only key, it's probably not ideal to expose it given the risk that someone could DOS the Ribbit Network database or something else nefarious.
It's been proposed in #95 that the way to solve this is to abstract the key from the Front End is by placing it inside of an API like a serverless function or the GO API previously started.
This issue is to come to an agreement on the path foward.