Sami Serbey

02/08/2023, 7:52 PM
Hello, I hope all the Prefect community is good. I am launching a prefect orion start command in a Docker container connected to a Postgres server. My Prefect server is open to the world with HTTP access. Is my architecture susceptible to SQL injection? Can Prefect be attacked by SQL injection? Should I take care of this? Thanks for taking the time to read my post. I wish you a nice day 🙂

Christopher Boyd

02/08/2023, 10:01 PM
If you’re in a cloud, I would definitely add an ACL or whitelist on your inbound traffic.
SQL injection aside, a direct, publicly exposed app that’s not even behind a reverse proxy or something is not an ideal setup for security.

Sami Serbey

02/09/2023, 2:44 PM
Hello @Christopher Boyd, thank you for your reply. Actually, it is hosted on a VM where my IP is whitelisted to access the VM. Is that enough, do you think? Thank you. The connection is also TLS encrypted.