Is it appropriate to display a "public" web app from Dataiku on a retail website?

Grixis

I have never really exposed Dataiku web apps in “Public” mode, i.e., open from the instance.

Dataiku seems to make it clear that this is not very secure and that the service could be compromised if someone finds its URL. However, I need to expose a web app quickly on my website, so I'm wondering what the risks are of publicly exposing the web app through my website, which would be the showcase for my web app. I find that there is very little information on this subject, but I suppose that is because consuming a public web app from DSS without a license is not part of the product model?

Thank you for your time

Operating system used: ubuntu

Answers

  • Turribeach

    When the documentation refers to “public” webapps it’s really talking about allowing unauthenticated users to access the webapp. This has nothing to do with having the DSS URL being accessed over the internet.
    Whether this is appropriate only you can know. Having non-authenticated users access the webapp is perfectly fine in terms of licensing. But of course that means you control who accesses the webapp unless you implement custom authentication and authorisation in your webapp. A much better model is to have users get a Reader license which is free and then permission these users so they can use the webapp with DSS authentication. If you use SAML SSO they can “login” to the webapp silently in SSO mode.

  • Grixis

    Hi @Turribeach,

    Thank you,

    I was thinking about building a proxy system to expose my webapp through my website, but as you said, the core model is to have consumers with a reader license or to build an intermediate webapp (exposed on my website) which consumes the DSS API service.
