SQL Password send in clear text #17

Open
nanohayder opened this issue Oct 11, 2017 · 2 comments

@nanohayder

Thank you so much for this great plugin; it helped us a lot. We have one issue with it: the SQL credentials, the DB name and the DB IP are all sent in the URL in clear text. Even if it's encrypted, it will show up on the client side in the developer tools. Is there anything we can do so that we only send a request for the data without the credentials? If it can be done using a proxy and all the data is handled from the client side, that would be even better.

Thanks

@gbrian
Owner

gbrian commented Oct 13, 2017

Hi @nanohayder ,

We can think about having a settings file for this, so you define a datasourceid in the URL instead of the whole connection string.
Currently (not sure), when set as a Proxy datasource, a non-admin user should not be able to see it, as it is the Grafana back office running the request, not the client. If it's set as Direct, it is the browser running the request.

@nanohayder
Author

Hi @gbrian

I think if we can't make it a proxy and it has to be direct, then we need to add authentication to the request, the same as Grafana has done with the MySQL driver: they send the query with an id for the data source, but the request is authenticated using Grafana.

Thanks
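
The settings-file idea discussed in this thread, sketched as an added example (not code from the plugin or from either participant): the server-side proxy keeps connection details in its own settings and the URL carries only a `datasourceid`. The settings layout, the forbidden parameter names and the function names are assumptions made for illustration.

```javascript
// Added example; every name here is hypothetical, not the plugin's API.
// Query parameters that must never arrive from the browser (assumed names).
const FORBIDDEN = ['user', 'password', 'server', 'database', 'con'];

// Constructed sample of a server-side settings file. In practice it is read
// from disk, readable only by the account that runs the proxy.
const SETTINGS = {
  datasources: {
    'sales-ro': { server: '10.0.0.5', database: 'sales',
                  user: 'grafana_ro', password: 'example-only' },
  },
};

// Map a request URL to a connection definition held on the server.
function resolveDatasource(requestUrl, settings = SETTINGS) {
  const url = new URL(requestUrl, 'http://proxy.invalid');
  // Refuse requests that still carry connection details in the URL, so an
  // old dashboard fails loudly instead of leaking credentials into logs.
  for (const key of url.searchParams.keys()) {
    if (FORBIDDEN.includes(key.toLowerCase())) {
      return { ok: false, status: 400, error: `parameter not allowed: ${key}` };
    }
  }
  const id = url.searchParams.get('datasourceid');
  if (!id || !/^[A-Za-z0-9_-]{1,64}$/.test(id)) {
    return { ok: false, status: 400, error: 'missing or malformed datasourceid' };
  }
  // Own-property check so ids such as "__proto__" cannot match inherited keys.
  const known = Object.prototype.hasOwnProperty.call(settings.datasources, id);
  if (!known) return { ok: false, status: 404, error: 'unknown datasourceid' };
  return { ok: true, status: 200, connection: settings.datasources[id] };
}

// What may be returned to the browser: status and error text only,
// never the connection object.
function clientView(result) {
  return result.ok
    ? { status: 200, datasourceid: 'resolved' }
    : { status: result.status, error: result.error };
}
```

The lookup only removes credentials from the URL; whether a given caller may use a given `datasourceid` still has to be decided by authenticating the request, as the last comment points out.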
