Hello, I hope all of the Prefect community is doing well. I am launching a prefect orion start command in a Docker container connected to a Postgres server. My Prefect server is open to the world with HTTP access. Is my architecture susceptible to SQL injection? Can Prefect be attacked by SQL injection? Should I take care of this? Thanks for taking the time to read my post. I wish you a nice day 🙂
Christopher Boyd
02/08/2023, 10:01 PM
If you’re in a cloud, I would definitely add an ACL or whitelist on your inbound traffic
Christopher Boyd
02/08/2023, 10:02 PM
SQL injection aside, a direct, publicly exposed app that’s not even behind a reverse proxy or something is not an ideal setup for security
Sami Serbey
02/09/2023, 2:44 PM
Hello @Christopher Boyd, thank you for your reply. Actually, it is hosted on a VM where my IP is whitelisted to access the VM. Is that enough, do you think? Thank you. The connection is also TLS encrypted.