Is it appropriate to display a "public" web app from Dataiku on a retail website?

I have never really exposed Dataiku web apps in “Public” mode, i.e., open from the instance.
Dataiku seems to make it clear that this is not very secure and that the service could be compromised if someone finds its URL. However, I need to expose a web app quickly on my website, so I'm wondering what the risks are of publicly exposing the web app through my website, which would be the showcase for my web app. I find that there is very little information on this subject, but I suppose that is because consuming a public web app from DSS without a license is not part of the product model ?
Thank you for your time
Operating system used: ubuntu
Operating system used: ubuntu
Answers
-
Turribeach Dataiku DSS Core Designer, Neuron, Dataiku DSS Adv Designer, Registered, Neuron 2023 Posts: 2,574 Neuron
When the documentation refers to “public” webapps it’s really talking about allowing unauthenticated users to access the webapp. This has nothing to do with having the DSS URL being accessed over the internet.
Whether this is appropriate only you can know. Having non-authenticated users access the webapp is perfectly fine in terms of licensing. But of course that means you control who access the webapp unless you implement custom authentication and authorisation in your webapp. A much better model is to have users get a Reader license which is free and then permission these users so they can use the webapp with DSS authentication. If you use SAML SSO they can “login” to the webapp silently in SSO mode. -
Grixis PartnerApplicant, Dataiku DSS Core Designer, Dataiku DSS ML Practitioner, Dataiku DSS Adv Designer, Registered Posts: 110 ✭✭✭✭✭✭
Hi @Turribeach,
Thank you,
I was thinking about build a proxy system for expose my webapp through my website but as you said the core model is to have consumer with reader license or to build an intermediate webapp (exposed on my website) which consume DSS API service.