4
Aldar
2y

*Frustrated user noises* Whyyyy, Grafana, why don't you implement any actual query forgery checks?!

So long as a user has access to the Grafana frontend, they can happily forge the requests going off to the backend, and modify them to return *whatever* data they want from the datasource.

No matter that they're a read-only user. That only stops them from modifying the dashboard definitions on the frontend, but doesn't enforce any sort of immutability on the BE...

If anyone had any tips on how to further secure it, I'm curious...

Comments
  • 1
    Holy shit!
    The first thing that comes into mind would be some kind of sandbox per user session ...
  • 0
    Just make a VPN tunnel between frontend and backend.

    Either with things like WireGuard or Tailscale as software.

    Or it would be even easier to set up a cloud provider private network between servers. It is usually offered as a free feature and can easily be set up as code at the Terraform level or with any similar infra provisioning tool (Pulumi?)
  • 1
    @PonySlaystation Sadly, heavy modifications to Grafana itself are out of the game: I am not a programmer and my company would never pay for all the effort I'd have to put into that. I complained directly on Grafana's community forum, alas, without any sort of reaction...

    @darkwind I don't worry about MITM attacks, rather about query forgery / modification by the clients themselves. The query gets sent over HTTPS to the Grafana server, which then sends it through a WireGuard tunnel to Prometheus. However, as said, the Grafana FE and BE don't implement any sort of query forgery mitigation... Once you can access the FE, you can query any and all data that the Prometheus instance contains - all the data from all of our servers...
  • 0
    @Aldar ah, the access level problem.
    How to make sure the user will not escape out of the shell.
  • 0
    The only idea I have then: query the time series database on your own in your backend API and output it in JSON format to render in a lazy-arsed frontend.
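    One way to build the backend the comment above describes, as an added example that is not code from the thread, from Grafana or from Prometheus: the client is only allowed to name a query id from an allow-list and a time window, the backend fills in a tenant label matcher from its own authorisation map, and only the resulting PromQL ever reaches Prometheus. Everything here is assumed for illustration: the `prometheus.internal` address, the `tenant` label on the metrics, the `USER_TENANTS` map and the two sample query templates. The Prometheus endpoint used is its real `/api/v1/query_range` HTTP API; the code only builds the request URL so it runs offline.

```python
import re
from urllib.parse import urlencode

# Assumed: Prometheus is reachable only from this backend, never from browsers.
PROMETHEUS_URL = "http://prometheus.internal:9090"

# Allow-list of query ids -> PromQL templates (constructed for this example).
# The client picks an id; it never supplies PromQL of its own. {tenant} is
# filled in server-side; doubled braces are literal PromQL braces.
QUERY_TEMPLATES = {
    "cpu_busy": 'sum by (instance) (rate(node_cpu_seconds_total{{mode!="idle",tenant="{tenant}"}}[5m]))',
    "disk_free": 'node_filesystem_avail_bytes{{tenant="{tenant}"}}',
}

# Constructed sample authorisation map: which tenant label values each user may read.
USER_TENANTS = {
    "alice": {"team-a"},
    "bob": {"team-b", "team-c"},
}

# Strict character class so a tenant value can never close the label matcher
# or smuggle extra selectors into the template.
TENANT_RE = re.compile(r"^[a-z0-9][a-z0-9-]{0,62}$")
MAX_RANGE_SECONDS = 7 * 24 * 3600
MIN_STEP_SECONDS = 15


def build_range_query(user, query_id, tenant, start, end, step):
    """Validate a client request and return (promql, url) for Prometheus.

    Raises PermissionError or ValueError instead of forwarding anything the
    backend policy does not explicitly allow.
    """
    if query_id not in QUERY_TEMPLATES:
        raise PermissionError(f"unknown query id {query_id!r}")
    if tenant not in USER_TENANTS.get(user, set()):
        raise PermissionError(f"user {user!r} may not read tenant {tenant!r}")
    if not TENANT_RE.match(tenant):
        raise ValueError("tenant label has an unexpected shape")
    if not all(isinstance(v, int) for v in (start, end, step)):
        raise ValueError("start, end and step must be integer seconds")
    if end <= start or end - start > MAX_RANGE_SECONDS:
        raise ValueError("time range out of bounds")
    if step < MIN_STEP_SECONDS:
        raise ValueError("step too small")

    promql = QUERY_TEMPLATES[query_id].format(tenant=tenant)
    params = {"query": promql, "start": start, "end": end, "step": step}
    url = f"{PROMETHEUS_URL}/api/v1/query_range?{urlencode(params)}"
    return promql, url


def handle_client_request(user, request):
    """Map a JSON-style client request to a JSON-style response.

    `user` comes from the backend's own session, never from the request body.
    """
    try:
        promql, url = build_range_query(
            user,
            request.get("query_id"),
            request.get("tenant"),
            request.get("start"),
            request.get("end"),
            request.get("step"),
        )
    except PermissionError:
        return {"status": 403, "error": "forbidden"}
    except ValueError as exc:
        return {"status": 400, "error": str(exc)}
    # A real backend would now fetch `url` and return the JSON body to the client.
    return {"status": 200, "promql": promql, "url": url}


if __name__ == "__main__":
    ok = handle_client_request(
        "alice",
        {"query_id": "disk_free", "tenant": "team-a", "start": 1700000000, "end": 1700003600, "step": 60},
    )
    print(ok)
    # A read-only user trying to widen the label matcher gets a 403, not data.
    print(handle_client_request("alice", {"query_id": "disk_free", "tenant": 'team-a"} or {job=~".+',
                                          "start": 1700000000, "end": 1700003600, "step": 60}))
```

    The important design choice is that authorisation is decided in the backend from the session user, so a client that edits the request in the browser can only change which allow-listed query and which of its own tenants it asks for; the free-form PromQL that the thread complains about never exists on the client side.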