Airbyte is an open-source data integration engine that helps you consolidate your data in your data warehouses, lakes and databases.

Airbyte

security-check.mp4

:tada: :closed_lock_with_key: *Security check when setting up OSS* *Airbyte*

With the just releases version 0.44.0, Airbyte will do a self-check whether it’s secured properly and otherwise show the user a big error. The self test checks whether the Airbyte installation is publically available and (if secured) whether it used the default username/password. If so we try to make it perfectly clear to the user, that this will potentially leak their data.

:video_camera: See the attached screencast for how this will look like in action.
:technologist: <https://github.com/airbytehq/airbyte-platform/commit/507a9c473de7d03403c4b0c0f2faebdc36a4e513|Commit change> with the change
:thread: For more technical details.

*How does this actually function under the hood?*

The Airbyte UI will be calling an API endpoint, and pass it the domain the user entered to access the UI. Our server will then try to see if it can reach the Health API under that domain, and if it’s secured if it’s using the default username/password, and return those results to the UI, which shows the appropriate error.

*Does this find all cases?*

No, there are a handful of false-positive and true-negative cases that this check won’t catch, why we tried to design the error (or more specifically the success) messages carefully, since not in all cases we think the instance is secured, it really fully is.