I’d like to use a Grafana dashboard as a public facing weather page. The data presentation is simply superior to every other option I have available. And it lets people tinker with viewing historical data. It also has the best responsive mobile view of all the options I have available. So if I can make this work securely and safely, i is what I want to do.
Grafana is running on a Windows 10 PC behind a firewall. I created
public_org as an org that is used only for this purpose. In
defaults.ini, I enabled anonymous, set the anonymous org for
public_org, and set the anonymous org role for
Viewer. I believe this makes it so someone that is not logged into Grafana can only see and interact with
public_org and only the data sources the org has.
The only data source available to the
public_org is a local mySql database that contains the weather station data. The SQL database user assigned to the datasource has only
select rights to that database and no other rights at all. There is no data in this database that is sensitive or private. The same data goes to various public weather websites like wunderground. Try as I might, I have yet to identify an OpSec risk derived from the humidity. So a public viewer being able to see the entire data set is not only ok, it is the entire purpose.
The only Grafana user account on this Grafana server at this time is my admin account, which is not
admin and has a strong password. So if someone snooping around wants to try logging in, it isn’t happening.
Are there any other matters I should set or change in the ini? Any vulnerabilities I should be aware of? Can I limit how many incorrect login attempts are made somehow?