I’d like to use a Grafana dashboard as a public facing weather page. The data presentation is simply superior to every other option I have available. And it lets people tinker with viewing historical data. It also has the best responsive mobile view of all the options I have available. So if I can make this work securely and safely, it is what I want to do.
Grafana is running on a Windows 10 PC behind a firewall. I created public_org as an org that is used only for this purpose. In defaults.ini, I enabled anonymous, set the anonymous org for public_org, and set the anonymous org role for Viewer. I believe this makes it so someone that is not logged into Grafana can only see and interact with public_org and only the data sources the org has.
The only data source available to the public_org is a local MySQL database that contains the weather station data. The SQL database user assigned to the datasource has only select rights to that database and no other rights at all. There is no data in this database that is sensitive or private. The same data goes to various public weather websites like wunderground. Try as I might, I have yet to identify an OpSec risk derived from the humidity. So a public viewer being able to see the entire data set is not only ok, it is the entire purpose.
The only Grafana user account on this Grafana server at this time is my admin account, which is not admin and has a strong password. So if someone snooping around wants to try logging in, it isn’t happening.
Are there any other matters I should set or change in the ini? Any vulnerabilities I should be aware of? Can I limit how many incorrect login attempts are made somehow?
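The setup described in this post can be checked mechanically against the ini file. The following is an added example, not part of the original post: a Python script that parses Grafana ini text and reports where it departs from what the post describes (anonymous access enabled, org public_org, role Viewer, admin account not named admin). The function name, the sample ini text and the admin name weatheradmin are constructed for illustration.

```python
import configparser

# Constructed sample mirroring the settings described in the post.
SAMPLE_INI = """
app_mode = production

[security]
admin_user = weatheradmin

[auth.anonymous]
enabled = true
org_name = public_org
org_role = Viewer
"""


def audit_anonymous_access(ini_text, expected_org="public_org"):
    """Return a list of findings; an empty list means the ini matches the described setup."""
    cfg = configparser.ConfigParser(interpolation=None, strict=False)
    # Grafana ini files may carry keys before the first [section];
    # configparser rejects that, so park them under a dummy section.
    cfg.read_string("[__global__]\n" + ini_text)

    def get(section, key, default):
        return cfg.get(section, key, fallback=default).strip()

    findings = []
    if get("auth.anonymous", "enabled", "false").lower() != "true":
        findings.append("anonymous access is not enabled")
    org = get("auth.anonymous", "org_name", "")
    if org != expected_org:
        findings.append(f"anonymous org is {org!r}, expected {expected_org!r}")
    role = get("auth.anonymous", "org_role", "Viewer")
    if role != "Viewer":
        findings.append(f"anonymous role is {role!r}; anything above Viewer lets visitors edit")
    if get("security", "admin_user", "admin") == "admin":
        findings.append("admin_user is the default name 'admin'")
    return findings


if __name__ == "__main__":
    for finding in audit_anonymous_access(SAMPLE_INI) or ["no findings"]:
        print(finding)
```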