My manager thinks it would be better to write our own API for the data flow between Grafana and our database to protect the database. The database is very important.
I think this is a bad idea, but I haven’t been able to convince him yet.
I think it is a waste of time. It costs time, it adds additional complexity and maybe it does not even add security. Maybe it even adds security risks, because it is an additional attack surface.
Since the Grafana user is read-only, there is no risk to the integrity of the database.
If Grafana is password protected, there is no risk to the confidentiality of the database.
And I guess it is also very unlikely that Grafana goes crazy and stresses the database, thereby lowering the availability of the database.
What is your opinion about this? Can someone argue why this is a good/bad idea?
Thank you very much.