I would like to have an extra permission setting for data tables: readable and/or writable for server code only, so NOT for server uplink code. Reason behind this is that I want another trust level for data tables, (like anvil secrets which can only be accessed by server code, not by server uplink code) so that if a server uplink key gets compromised my data tables cannot be accessed/changed.
Would a client-level Uplink connection work for you?
Hi,
I'm afraid not, client uplink doesn't let you register server functions, which is what I need to access local data from my server code.
So to explain my architecture, there are several 3rd party servers (not under my direct control) who run my server uplink code so that I can access local data on their servers. They are what I would call semi trusted, they have full control over their local data but I do not want them to access my data tables directly, only through server code which is under my direct control.
I haven't thought this through, but have you tried creating a second app with the uplink and without tables?
It may not work, because if the second app doesn't have access to the tables, then it's useless, and if it has access, then it's dangerous.
But if you want to run code on those servers, you could have the app without tables to do it safely. How? Mmmh… with an http endpoint? Meaning the 1st app will call an http endpoint of the 2nd app, which will call the uplink on the server.
Well… even if this worked for you, it would be a hacky workaround, not a good solution like addressing this FR.
hi Stefano,
I actually did create a second app to be able to distribute and renew server keys, so the local app only has a client key. for app#2, calls into app#2, which checks some credentials and returns server key for app#1. local then connects to app#1 with server key. But this doesn't solve my issue with data tables. I looked briefly to use http endpoints but as you say, will get (very) complex and slower.
After reading @meelvoorfer's architecture, I thought of the same thing as this, except having the second app just contain only one table.
It could then be shared with the main app making it impossible for any server uplink code to reach additional data other than what they/other systems uploaded from the uplink.
You could also make this "data transferring data table" a requests system with a scheduled task on App #2, checking the table for empty rows of information requested by App #1 through the shared table, and then filling in the data by calling the uplink scripts.
If you were worried about data leaking between uplinks on this one table, your main app could "consume" the data table information by using a scheduled task to move it to another table under only its control and then deleting it from the "shared" table.
I just also want to point out I would rather have the FR than have to do anything I wrote about above to get the same data isolation.
The only thing additional I would want is for you to still be able to pass client-writable views for a "server only" table to an uplink script so it allows you to grant the least permission needed to do the same work.
Edit:
Now that I think about it, it could also just be reversed to allow:
If you could just make it so server functions could be registered on client uplink, that would be a different FR, but would also solve the issue of distributing uplink functionality without distributing data table access.
Hi Ian,
yes, client uplink which can register server functions would also solve my problem, I kind of assumed limiting server uplink would be easier to implement & clearer (when client uplink can register functions it is basically a server uplink …)
Hi Ian
with regard to two apps, not sure how this would work. I've got an app which users log in to, so I have a users table which must be readable and writable for server code. Several local servers connect to this app with a server key (because register server functions) and once they get a request for data they use the anvil.users.get_user() function to get the logged in user (and make sure somebody is logged in). How can I divide this between two apps? So I would need to connect two running apps somehow, maybe http endpoints would work but this needs a lot of "plumbing" and this is going to be much slower than doing this in one app.
So I've got a solution until my feature request gets implemented.
It is basically what Stefano proposed: a second app with server uplink, no data tables, which is accessible through an http endpoint.
Which means that I have to change all my client anvil.server.call() functions (about 40…), add anvil.http.request() server functions for these in app#1 and add server anvil.http.endpoints for these in app#2. Because app#2 has no notion of users I have to pass the user in the requests; this also implies that I need some changes in the uplink code, cannot do anvil.users.get_user() anymore.
An advantage of this setup is that you can differentiate between uplink code which is under your control and which is not while the uplink code is exactly the same. The not so trusted code gets the uplink code for app#2, the trusted code gets the uplink code for app#1.
But this is a lot of work, and lots of duplication of code, so I'm hoping that my feature request gets implemented!
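
The app#1 to app#2 hop described in the last post, as an added example that is not code from this thread: because app#2 has no notion of users and takes the user from the request, its endpoint should accept only requests that app#1 really sent. It assumes a shared secret stored server-side in both apps and never given to uplink code; `sign_forward`, `verify_forward`, the envelope fields and the 60-second window are hypothetical names and values.

```python
import hashlib
import hmac
import json
import time

MAX_AGE_SECONDS = 60  # assumed freshness window for a forwarded call


def sign_forward(secret, user_email, fn_name, args, now=None):
    """App #1 side: wrap one forwarded call and name the logged-in user."""
    ts = int(time.time() if now is None else now)
    body = json.dumps({"user": user_email, "fn": fn_name, "args": args, "ts": ts},
                      sort_keys=True)
    mac = hmac.new(secret, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "mac": mac}  # send this as the JSON request body


def verify_forward(secret, envelope, allowed_fns, now=None):
    """App #2 side: return the parsed call, or raise PermissionError."""
    body, mac = envelope.get("body"), envelope.get("mac")
    if not isinstance(body, str) or not isinstance(mac, str):
        raise PermissionError("malformed envelope")
    expected = hmac.new(secret, body.encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison, done before the body is parsed or trusted.
    if not hmac.compare_digest(expected.encode(), mac.encode()):
        raise PermissionError("bad MAC")
    call = json.loads(body)
    current = time.time() if now is None else now
    if abs(current - call["ts"]) > MAX_AGE_SECONDS:
        raise PermissionError("stale request")
    if call["fn"] not in allowed_fns:
        raise PermissionError("function not forwardable")
    return call  # only now hand call["user"] and call["args"] to the uplink
```

In app#1 the envelope would be the body of the `anvil.http.request()` call, and in app#2 the endpoint would run `verify_forward` before calling the uplink function.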