vigetlabs/craft-phone-home

Security concerns

Nevin raised some potential concerns about security.

Mainly... we have read access on the database and all child pages.

If someone has access to the API key, they could view our full list of clients, their plugin version and other sensitive data.

Notion doesn't make it particularly easy to spin up multiple keys for one integration. You have to create one integration per site and attach that integration to the inventory database.

Possible solution:

  • Give the integration "write only" access.
  • Manually create a Notion DB row for the site.
  • For each site, you provide the ID of the row that the site can write to.

The downsides of this method:

  • This is a bummer for tracking multiple environments per site. You'd have to create a row ID per site, per environment.
  • For multisite projects, you'd either have to create a row ID per site (and map site handle -> row), or we would just write to a single row and store data about the sites in a new column.
    • This isn't the worst... because the plugin and server data would be identical for all multi-sites anyway.
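
The per-site row approach above, sketched as an added example (not code from the craft-phone-home plugin): each site and environment resolves its own row ID and only ever issues an update to that row, and a multisite install writes one row with its site handles in a column. `ROW_IDS`, the function names, the `NOTION_TOKEN` variable, the column names and the row IDs are all assumptions, as is an integration granted Notion's update capability without read.

```php
<?php
// Hypothetical config: site handle => environment => Notion row (page) ID.
// The IDs are constructed placeholders, not real rows.
const ROW_IDS = ['acme' => [
    'production' => '11111111-2222-4333-8444-555555555555',
    'staging'    => '66666666-7777-4888-9999-aaaaaaaaaaaa',
]];

// Resolve the one row this site/environment may write to. Fails closed:
// a missing or malformed ID means no request is built at all.
function resolveRowId(array $map, string $site, string $env): string
{
    $id = $map[$site][$env] ?? null;
    $uuid = '/^[0-9a-f]{8}(-?[0-9a-f]{4}){3}-?[0-9a-f]{12}$/i';
    if (!is_string($id) || preg_match($uuid, $id) !== 1) {
        throw new RuntimeException("No valid row ID configured for {$site}/{$env}");
    }
    return $id;
}

// Rich-text property value in the shape the Notion API accepts.
function richText(string $value): array
{
    return ['rich_text' => [['text' => ['content' => $value]]]];
}

// Build (not send) the update. Only PATCH /v1/pages/{id} is used, so the
// site never lists or queries the inventory database.
function buildUpdate(string $token, string $rowId, array $info): array
{
    return [
        'method'  => 'PATCH',
        'url'     => 'https://api.notion.com/v1/pages/' . $rowId,
        'headers' => [
            'Authorization'  => 'Bearer ' . $token,
            'Notion-Version' => '2022-06-28',
            'Content-Type'   => 'application/json',
        ],
        // Column names are assumptions about the inventory database.
        'body' => json_encode(['properties' => [
            'Plugin Version' => richText($info['pluginVersion']),
            'Sites'          => richText(implode(', ', $info['siteHandles'])),
        ]], JSON_THROW_ON_ERROR),
    ];
}

$rowId = resolveRowId(ROW_IDS, 'acme', 'staging');
$info = ['pluginVersion' => '1.0.0', 'siteHandles' => ['default', 'blog']];
$request = buildUpdate(getenv('NOTION_TOKEN') ?: 'constructed-token', $rowId, $info);
echo $request['method'], ' ', $request['url'], PHP_EOL, $request['body'], PHP_EOL;
```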