appsmithorg / appsmith

Platform to build admin panels, internal tools, and dashboards. Integrates with 25+ databases and any API.
https://www.appsmith.com
Apache License 2.0

Restrict login to their instance based on a user's IP address #24351

Open infinitetrooper opened 1 year ago

infinitetrooper commented 1 year ago

Customers need to restrict users to logging into the web app from a predefined set of IPs only. If the user trying to log in is not coming from one of the predefined IPs, then s/he cannot log in to the system.

sharat87 commented 1 year ago

Do we want to restrict the whole of Appsmith, or just the ability to log in? For example, for those restricted IPs, should they still be able to access public apps on Appsmith without logging in?

If no, then the restriction can be over the Appsmith server itself, using AWS Security groups or even a firewall, right?

If yes, that's a feature request we need to think about.

yogeshvachhani commented 1 year ago

The app built in AppSmith should be restricted.

This facility should be provided at App level so that we can control access to each app independently.

yogeshvachhani commented 1 year ago

If you can restrict the whole of AppSmith then it would be one more great feature!

sharat87 commented 1 year ago

Hey @yogeshvachhani, thanks for chiming in.

> If you can restrict the whole of AppSmith then it would be one more great feature!

Can you confirm your choice of deployment method please? If you're deploying Appsmith to an EC2 on AWS, you can configure your Security Group to only allow a certain set of IP Addresses to be able to access your Appsmith. Would this be a usable solution?

> This facility should be provided at App level so that we can control access to each app independently.

This would be a new feature request. Can you elaborate a little on the use case that we're solving with this please? Asking because this is the first time I'm seeing this, so I'm very curious about what problem(s) we're attempting to solve with this. Thanks!

yogeshvachhani commented 1 year ago

> Can you confirm your choice of deployment method please? If you're deploying Appsmith to an EC2 on AWS, you can configure your Security Group to only allow a certain set of IP Addresses to be able to access your Appsmith. Would this be a usable solution?

We host on our own private VPS. So security features provided by AWS will not apply to us.

> This would be a new feature request. Can you elaborate a little on the use case that we're solving with this please? Asking because this is the first time I'm seeing this, so I'm very curious about what problem(s) we're attempting to solve with this. Thanks!

We have two apps. At present these apps are not developed in AppSmith but we want to convert them if possible.

That said...

One app is accessed by our employees and is strictly for internal use.

The second app allows customers to access our system and perform various activities like creating their orders, tracking their orders, etc.

In both the situations the apps will be in the same AppSmith instance so restricting access based on IP addresses per app will be required.

yogeshvachhani commented 1 year ago

Sample from another tool showing the kind of security features that can be provided.

image

For an idea of what to provide, please look under the section/heading Security, Password & Brutal Force Security.

sharat87 commented 1 year ago

Thanks @yogeshvachhani, that's lovely detail. Appreciate the effort you've put in for this.

So this sounds like we'll need app-level, and/or workspace-level IP address whitelisting. This will be a new feature. We'll add it to the Roadmap and consider it for prioritization. Thank you!

Sorry for the delay in getting back. 🙏

yogeshvachhani commented 1 year ago

@sharat87

Thanks for taking up this request. When you add it to your Roadmap I would also suggest that you add app access restriction, so that only those users who are assigned to an app can access it.

I personally feel this will go a long way in controlling who can access which app and thus see which type of data.

Once again, thanks for paying attention to my suggestions.