About Security Model
Hi folks,
I need a database cache and because I use Prisma ORM Prisma Accelerate is very nice for it.
I investigated how to ensure security of Prisma Accelerate and found:
- API key: used from application to Prisma Accelerate
- Static IP: used to fix Accelerate IP address and DB can accept only that Accelerate IP Address.
I can understand a security risk between Accelerate and DB would be tiny with Static IP.
However, communication between applications and Accelerate is authenticated only by an API-key string. Applications look enabled to run arbitrary SQL with the API key. The risk when the API key is leaked does not look small to me.
Is there any way to ensure safety regarding this concern? Or is it a trade-off for simplicity or usefulness?
> Applications look enabled to run arbitrary SQL with the API key. The risk when the API key is leaked does not look small to me.

Can you please elaborate on this? You should be able to prevent the application from running arbitrary SQL. Are you using raw queries in your app? Your API key would be stored on your backend, so it shouldn't be exposed in the frontend.
Thank you for the response.
I mean, as a "best practice", a database instance shouldn't be exposed to the internet.
Transmission between Accelerate and the database can be secured by Static IP and a firewall.
However, that between the application server and Accelerate is protected only by an API-key string, and I feel some anxiety about whether it is enough for the security of the database.
I know security is a trade-off, but it would be great if I could find another way to deal with it, if one exists.