[HN Gopher] Show HN: Aidmin - Web-based database GUI
___________________________________________________________________
Show HN: Aidmin - Web-based database GUI
Author : inssein
Score : 76 points
Date : 2021-04-18 15:32 UTC (7 hours ago)
(HTM) web link (aidmin.io)
(TXT) w3m dump (aidmin.io)
| johnchristopher wrote:
| Looks neat. From the video, I assume it keeps a log of every
| user's queries, right?
|
| What's the advantage over giving dbeaver to users and setting up
| their users right at the db level? Cleaner UI (that's a big +1)?
| Access and right management?
| inssein wrote:
| Every action against a data source is logged and query-able.
|
| At my current startup, giving access to everyone at the company
| to use a traditional tool (dbeaver, datagrip, etc) is not
| simple because our databases are not publicly accessible.
| This means every employee would need an ssh key to a bastion,
| and our onboarding / offboarding process would involve adding /
| deleting users constantly.
|
| With Aidmin, they can invite users to their workspace and
| utilize Single Sign-On for added security.
| jamra wrote:
| Protection from ransomware is another. If they lock down the
| server that runs this app well enough, it's significantly more
| secure than production access to every developer.
| zsims wrote:
| > In order for Aidmin to help you manage your database, we
| require that you share your database credentials with us.
|
| Woah. This is a huge red flag for any company or enterprise.
| easton wrote:
| Oh, I thought that this was a self-hostable thing since it was
| on GitHub. Nope, these are just docs for a SaaS that wants
| presumptively root access to the database (because you have to
| be able to delegate user roles inside of it)? Who in their
| right mind would use this, because even if the person who made
| it isn't evil, the second their systems get compromised every
| last row of PII from every client is vulnerable.
|
| To the developer: please reconsider your approach, because as
| of right now nobody can use this and still have their customers
| trust them. To everyone else, until there's a 2.0 or self-
| hosted version of this, Hasura+Metabase was recommended for
| this in a HN thread last year and looks pretty neat, if not
| covering the exact same use cases.
|
| (Yes, I realize that the same is true of a database hosted in
| AWS/Azure/GCP. But you can sue them if someone gets access to
| your data through them, and the US Government and every major
| bank uses one of those services, so I'd be more willing to
| believe in them vs an early stage startup).
| kqvamxurcagg wrote:
| Looks neat. I've developed a bunch of apps for our business but
| haven't developed a management GUI. Looks like this could do the
| job with minimal hassle.
| conzar wrote:
| For read-only, we use Metabase at work.
|
| https://www.metabase.com
| de6u99er wrote:
| What happened to the source code? Someone could easily get the
| impression that you're using other people's open source code in
| your application, or that you're trying to hide something else.
|
| As long as I don't see the source code, you won't get any other
| feedback from me.
| inssein wrote:
| It is currently closed source. The documentation repo is what I
| am currently using as a temporary website.
| yoavm wrote:
| What databases are supported? I couldn't find any list like that.
| inssein wrote:
| Currently only Postgres and MySQL.
| ark0n3 wrote:
| I would see this as an on-premise tool more than a SaaS, given
| we're talking about low level access to dbs. My 2 cents.
| inssein wrote:
| Fair feedback. That said, a lot of SaaS companies exist today
| which require a database connection in order to operate. They
| all also offer on-prem, but for enterprise sales only.
|
| Everything I have is fairly automated so I think it'd be
| trivial to offer an on-prem version at some point, but
| currently still figuring things out.
| tendencydriven wrote:
| I think the main difference between SaaS companies that
| require a database connection and Aidmin is that (from what I
| can gather) Aidmin requires root credentials whereas other
| SaaS tools can have limited access to DBs.
| inssein wrote:
| Hi All,
|
| I've been working on Aidmin for quite some time now, and finally
| released a beta version of it.
|
| I've focused most of my efforts on security, making sure that
| Aidmin can't negatively impact your database. I talk about that a
| little bit in the Security Overview (https://github.com/aidmin-
| io/docs/blob/main/security-overvie...).
|
| I would love to know if Aidmin would be helpful at your
| workplace, and if not, why? Are there any features that are
| missing which would make it much more useful?
|
| Thank you for checking out the project!
| cloudking wrote:
| It looks like your goal is to enable non-developers in an
| organization to make changes to a production database?
|
| If so, you may want to consider that non-developers typically
| don't have access to production databases for a good reason:
| they can easily make breaking changes.
|
| You may want to consider creating a "pull request" type
| functionality where a non-developer can create a change, and
| instead of having it executed immediately, be sent to a
| developer/reviewer for review and approval. This would still
| save developers time in crafting complex SQL queries, instead
| focusing on reviewing the changes others are proposing and
| ensuring they don't break the system.
| inssein wrote:
| That is exactly my early goal.
|
| Currently, the column based access should help limit
| modifications to only specific columns. That said, I have
| heard this feedback and definitely have started thinking
| about an approval / pull request based workflow.
| cloudking wrote:
| For some more context, when I worked at a large
| organization, any manual changes that were being made via
| SQL commands or CLI commands were sent through our code
| review system first.. and these were being done by
| developers. So by enabling a similar paradigm with a UX for
| non-developers, I think you're on to something here, good
| luck!
| lakshmibaskaran wrote:
| Does this not limit the speed and agility at which some
| organizations operate? Non developers should only be granted
| access to the tables that do not lead to a breaking change.
| wutXthree wrote:
| >they can easily make breaking changes
|
| this can be mitigated with roll-back scripts
| inssein wrote:
| As another idea, since all the changes are described in an
| AST, I could offer an "undo" in the query log for INSERT
| action. The UPDATE action would require a bit more work as
| I don't track the previous data (and it could be changed in
| another system as well).
| adontz wrote:
| I would attach Django to an existing database and [ab]use
| django.contrib.admin to get quite user friendly interface to a
| database, with validation, master-detail views, etc. It's really
| not that hard.
|
| What is the advantage of aidmin?
| inssein wrote:
| Almost every language has a framework that lets you get some
| form of quick administration up, but I've found that even
| with this, developers are still having to do things directly
| in the database.
|
| This is also just the initial iteration. If you had a chance
| to check out the demo, all the screens where you manage your
| workspace (users, data source, etc) are all joins and use the
| Aidmin to manage itself.
| lakshmibaskaran wrote:
| Start ups do not have the luxury of creating access control
| mechanisms for developers in the Production DB. I believe Aidmin
| will act as the Audit log for developer access
___________________________________________________________________
(page generated 2021-04-18 23:01 UTC)