I would like to know which security guides I should follow to avoid security issues in Baserow. For example, I’m a new Baserow user and would like to know if there is any guide or tip on how to best use Baserow.
What security guides do I need to follow to avoid any security issues in Baserow?
Other related questions:
I would like someone to help me with the main question, but if someone can answer these extra questions, I would be happy for the comment clarifying it.
1. One of my concerns is someone trying to access my Baserow account. Is it possible to have a redirection of Baserow notifications to a specific email that is different from the account email I created from Baserow?
2. Do you all have any documentation for end users to read about privacy, security or a step by step guide on how to use Baserow?
3. How does the Baserow roadmap work? Is there any timeline or release date or update to keep track of? Is there any RSS channel for me to subscribe my email and follow Baserow updates?
All best practices and general guidelines for avoiding potential security issues should be applied when working with Baserow too. These are:
Using a strong and unique password.
Limiting access to your workspace.
Only invite people you know.
Deactivate the accounts of members who no longer require access.
Perform regular backups.
To enhance the security of our users’ data, we have the following product security features:
Manage Permissions: Baserow allows admins to control their permission levels to restrict access to data by assigning roles to users in workspaces, databases or tables.
Share view password protection: Baserow offers password protection to restrict access for public view sharing, and it is also possible to disable the shared link.
Single Sign-On (SSO): Baserow offers SSO functionality for Enterprise customers to access the app through a single authentication source.
Audit Logs: Baserow provides admins access to detailed information about every action performed in your Baserow instance. This can help identify potential security issues and investigate suspicious behavior.
Instance-wide admin panel: Instance admins can delete or deactivate users and workspaces associated with their Enterprise account, view user activity and other data point reports, set account restrictions and authentication settings for their organization, and view an organization’s complete list of licenses.
API token permissions: It is possible to give create, read, update, and delete permissions up until table level per token.
Filter and hidden fields from a view share link: When you create a view share link, the filtering and hidden field conditions used to create the view will be available to others who access the view through the link, meaning that rows that are not visible due to the filters will never be visible to visitors, so you can safely share the link.
Now, to answer your questions one by one:
1. No, it is not possible for anyone other than the account owner to receive notifications. Notifications will be sent to the email used to create the account. Furthermore, it is not possible to change the account email. To change the password, you must provide the old password.
2. We have a general Privacy Policy document, but this page is for informational purposes. Please keep in mind that we may update or change this document: Privacy Policy // Baserow.
3. Is there any RSS channel for me to subscribe my email and follow Baserow updates?
We recommend subscribing to the Baserow newsletter (at the bottom of the website) and setting up notifications for the Announcement channel so that you never miss any important news or updates. Here are the instructions on how to do so: 🦾 How to use the Discourse forum? Additionally, we plan to send app notifications for important news and updates soon.