I am trying to implement Grafana Auth Proxy as documented at
- https://grafana.com/docs/grafana/latest/auth/auth-proxy/
- Django auth -> valid session on Grafana behind NGINX
Based on how it works, it seems X-WEBAUTH-USER is set in plain text. So anyone who can spoof it can get logged in.
Grafana does have an IP whitelist, but I don't think it's practice to maintain IP addresses of Docker containers (Django and Grafana are running in separate Docker containers).
Questions:
- Is there a better implementation to achieve something more secure?
- Can the whitelist have an easier value?