Show HN: Aidmin – Web-based database GUI (aidmin.io)
97 points by inssein on April 18, 2021 | 41 comments
Hi All,

I’ve been working on Aidmin for quite some time now, and finally released a beta version of it.

I’ve focused most of my efforts on security, making sure that Aidmin can’t negatively impact your database. I talk about that a little bit in the Security Overview (https://github.com/aidmin-io/docs/blob/main/security-overvie...).

I would love to know if Aidmin would be helpful at your workplace, and if not, why? Are there any features that are missing which would make it much more useful?

Thank you for checking out the project!




It looks like your goal is to enable non-developers in an organization to make changes to a production database?

If so, you may want to consider that non-developers typically don't have access to production databases for a good reason: they can easily make breaking changes.

You may want to consider creating a "pull request" type functionality where a non-developer can create a change, and instead of having it executed immediately, be sent to a developer/reviewer for review and approval. This would still save developers time in crafting complex SQL queries, instead focusing on reviewing the changes others are proposing and ensuring they don't break the system.


That is exactly my early goal.

Currently, the column based access should help limit modifications to only specific columns. That said, I have heard this feedback and definitely have started thinking about an approval / pull request based workflow.


For some more context, when I worked at a large organization, any manual changes that were being made via SQL commands or CLI commands were sent through our code review system first, and these were being done by developers. So by enabling a similar paradigm with a UX for non-developers, I think you're on to something here, good luck!


The problem you described at that organization could have been solved with a policy change though. No need for a new SaaS product.

And if the policy didn't change, this product wouldn't help: Why would they have let people make immediate changes via web interface if things were so tightly locked down?


Does this not limit the speed and agility at which some organizations operate? Non-developers should only be granted access to the tables that do not lead to a breaking change.


> they can easily make breaking changes

This can be mitigated with roll-back scripts.


In many organisations, a break in a system holding production data is serious even if it isn't a serious break, so being able to roll back or otherwise undo would not cut it.

Much better would be to give them a replica to work on and a change confirmation process that allows signed-off changes to be pushed into production.
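The "pull request" workflow suggested earlier in the thread and the sign-off process described in this comment can be built with nothing but database-level privileges. The script below is an added example and is not Aidmin's code; every role, table and function name in it is hypothetical, and it targets PostgreSQL. Proposers can only file a change request, reviewers can reject or apply one, and the reviewed SQL runs inside a SECURITY DEFINER function, so neither group needs write access to production tables.

```sql
-- Added example (not Aidmin's code): a "pull request" style change queue in
-- PostgreSQL. Role, table and function names are hypothetical.

CREATE ROLE proposer NOLOGIN;
CREATE ROLE reviewer NOLOGIN;

CREATE TABLE change_requests (
    id           bigserial   PRIMARY KEY,
    proposed_by  text        NOT NULL DEFAULT session_user,  -- the login role that filed it
    proposed_at  timestamptz NOT NULL DEFAULT now(),
    statement    text        NOT NULL,                        -- SQL to be reviewed
    status       text        NOT NULL DEFAULT 'pending'
                 CHECK (status IN ('pending', 'applied', 'rejected')),
    reviewed_by  text,
    reviewed_at  timestamptz,
    review_note  text
);

-- Proposers may insert only the statement column (every other column takes its
-- default) and read the queue. A serial default also needs USAGE on its sequence.
GRANT SELECT ON change_requests TO proposer, reviewer;
GRANT INSERT (statement) ON change_requests TO proposer;
GRANT USAGE ON SEQUENCE change_requests_id_seq TO proposer;

-- Reviewing either applies the statement or rejects it. The function runs with
-- its owner's rights (SECURITY DEFINER); session_user is still the reviewer's
-- login, so that is what gets recorded, not the owner.
CREATE OR REPLACE FUNCTION review_change_request(request_id bigint,
                                                 approve    boolean,
                                                 note       text DEFAULT NULL)
RETURNS void
LANGUAGE plpgsql SECURITY DEFINER SET search_path = public AS $$
DECLARE
    req change_requests%ROWTYPE;
BEGIN
    -- Lock the row so two reviewers cannot both apply the same request.
    SELECT * INTO req FROM change_requests WHERE id = request_id FOR UPDATE;
    IF NOT FOUND THEN
        RAISE EXCEPTION 'change request % does not exist', request_id;
    END IF;
    IF req.status <> 'pending' THEN
        RAISE EXCEPTION 'change request % is already %', request_id, req.status;
    END IF;
    IF req.proposed_by = session_user THEN
        RAISE EXCEPTION 'change request % cannot be reviewed by its proposer', request_id;
    END IF;
    IF approve THEN
        EXECUTE req.statement;   -- same transaction: a failure rolls everything back
    END IF;
    UPDATE change_requests
       SET status      = CASE WHEN approve THEN 'applied' ELSE 'rejected' END,
           reviewed_by = session_user,
           reviewed_at = now(),
           review_note = note
     WHERE id = request_id;
END;
$$;

-- Only reviewers may call it; the proposer role never gets EXECUTE.
REVOKE ALL ON FUNCTION review_change_request(bigint, boolean, text) FROM PUBLIC;
GRANT EXECUTE ON FUNCTION review_change_request(bigint, boolean, text) TO reviewer;

-- As a login role that is a member of proposer:
--   INSERT INTO change_requests (statement)
--   VALUES ('UPDATE customers SET tier = ''gold'' WHERE id = 42');
-- As a login role that is a member of reviewer:
--   SELECT review_change_request(1, true, 'matches support ticket, verified on replica');
```

The statement text is executed verbatim with the privileges of the function's owner, so that owner should be a dedicated role holding only the rights the reviewed changes need, never a superuser, and the reviewer is expected to read the statement (ideally after trying it on a replica, as the comment above suggests) before approving. The change_requests table itself doubles as the audit trail: who proposed what, who signed it off, and when.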


As another idea, since all the changes are described in an AST, I could offer an "undo" in the query log for the INSERT action. The UPDATE action would require a bit more work as I don't track the previous data (and it could be changed in another system as well).


> In order for Aidmin to help you manage your database, we require that you share your database credentials with us.

Woah. This is a huge red flag for any company or enterprise.


Oh, I thought that this was a self-hostable thing since it was on GitHub. Nope, these are just docs for a SaaS that wants presumptively root access to the database (because you have to be able to delegate user roles inside of it)? Who in their right mind would use this, because even if the person who made it isn't evil, the second their systems get compromised every last row of PII from every client is vulnerable.

To the developer: please reconsider your approach, because as of right now nobody can use this and still have their customers trust them. To everyone else, until there's a 2.0 or self-hosted version of this, Hasura+Metabase was recommended for this in a HN thread last year and looks pretty neat, if not covering the exact same use cases.

(Yes, I realize that the same is true of a database hosted in AWS/Azure/GCP. But you can sue them if someone gets access to your data through them, and the US Government and every major bank uses one of those services, so I'd be more willing to believe in them vs an early-stage startup).


If you want a self-hostable thing, https://www.adminer.org/ is a single PHP file you can put on a webserver and use to manage a database[1] that the webserver can talk to; put in the server name and credentials and have a low-effort useful GUI management tool.

[1] It claims: Works with MySQL, MariaDB, PostgreSQL, SQLite, MS SQL, Oracle, Elasticsearch, MongoDB, SimpleDB (plugin), Firebird (plugin), ClickHouse (plugin)


Sure, but why do something with a single PHP file if you can build a dozen microservices and get the same thing?


It doesn't need root access; the RBAC is applied on top of the credentials Aidmin is given.

I hear you on the approach, it is something I have been thinking about for a while.


Yes, this is currently a big ask, and understandably so.

There are a few SaaS companies that exist today which provide similar service, and they all require this level of access, unless you opt for their enterprise self hosted version.

I am probably going to release a self hosted version at some point.


What ? One can go to jail for this as this would mean deliberately breaking company security policies.


From the market research I have done so far, there are over 10 series B companies (some YC companies as well) that require exactly this kind of access.

Edit: They all offer an on-prem version, but only for enterprise ($$$$) customers.


I would attach Django to an existing database and [ab]use django.contrib.admin to get a quite user-friendly interface to a database, with validation, master-detail views, etc. It's really not that hard.

What is the advantage of aidmin?


Almost every language has a framework that lets you get some form of quick administration up, but I've found that even with this, developers are still having to do things directly in the database.

This is also just the initial iteration. If you had a chance to check out the demo, all the screens where you manage your workspace (users, data source, etc) are joins and use Aidmin to manage itself.


Hate to be a party breaker, but what are the selling points of your product? What does it do better than Metabase or phpMyAdmin?

As was mentioned, sharing an access password with the service is the worst thing possible in a system like yours. It is a dealbreaker for me and many others.


I'd like to check it out, but you can't even view their beta site without giving name and email. It's interesting, but I'm having a hard time getting much enthusiasm when they don't respect my privacy at such a basic level.


Thanks for the feedback. How can Aidmin do better here? You are signing up for a service and effectively creating a workspace for your project / organization.

I could see it not needing a name, but it's used to manage your users that belong to the workspace. I thought it would be a better experience than just showing the email of the user.


Startups do not have the luxury of creating access control mechanisms for developers in the production DB. I believe Aidmin will act as the audit log for developer access.


Why not? Especially at the early stages when there aren't many people it should be easy to implement appropriate access levels.

As for an audit log, what's wrong with those capabilities built into most databases already?


I would see this as an on-premise tool more than a SaaS, given we're talking about low level access to DBs. My 2 cents.


Fair feedback. That said, a lot of SaaS companies exist today which require a database connection in order to operate. They all also offer on-prem, but for enterprise sales only.

Everything I have is fairly automated so I think it'd be trivial to offer an on-prem version at some point, but currently still figuring things out.


I'd suggest turning this into an Open Source product with dual-licensing. Single devs are unlikely to pay for this (though they might use it) and would help with bug reports in the early stages. Enterprises that are willing to install this, will buy a license and support.


I think the main difference between SaaS companies that require a database connection and Aidmin is that (from what I can gather) Aidmin requires root credentials whereas other SaaS tools can have limited access to DBs.


It doesn't need root credentials. The RBAC is applied on top of the credentials Aidmin is given.


If someone is capable of hosting their own PostgreSQL database they probably use it as storage for their backend and you don't want to give any access to the production database. If you do, then why use a self-hosted DB? Maybe Google Spreadsheets is enough for your business?

RBAC? Look at row based security. Audit logs? There are a few robust trigger based solutions. Want quick access and UI? Just use any existing tool.

I don't see any benefit of using this tool.
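The three database-native features this comment points at (column-based access, which the author also mentions as Aidmin's current mitigation; row based security; and a trigger-based audit log, which is also what the earlier question about databases' built-in audit capabilities refers to) fit in one PostgreSQL script. It is an added example, not Aidmin's code or anything from the thread; the table, role and column names are hypothetical. The audit trigger stores the old row as well as the new one, which is the "previous data" the author says an undo of an UPDATE would require.

```sql
-- Added example (not Aidmin's code): column-based access, row based security
-- and a trigger-based audit log using only PostgreSQL features. Table, role
-- and column names are hypothetical.

CREATE TABLE customers (
    id          bigserial PRIMARY KEY,
    region      text NOT NULL,
    email       text NOT NULL,
    tier        text NOT NULL DEFAULT 'free',
    card_last4  text                 -- support staff must never read or change this
);

-- 1. Column-based access: members of "support" may read four columns and update
--    only tier. A person gets the role by membership, e.g.
--    CREATE ROLE alice LOGIN PASSWORD '<set at creation>' IN ROLE support;
CREATE ROLE support NOLOGIN;
GRANT SELECT (id, region, email, tier) ON customers TO support;
GRANT UPDATE (tier)                    ON customers TO support;

-- 2. Row based security: a mapping table says which region each login may see.
--    Policies are evaluated with the querying user's rights, so support needs
--    SELECT on the mapping, and nothing more.
CREATE TABLE support_regions (
    login   text NOT NULL,
    region  text NOT NULL,
    PRIMARY KEY (login, region)
);
GRANT SELECT ON support_regions TO support;

ALTER TABLE customers ENABLE ROW LEVEL SECURITY;
CREATE POLICY support_own_region ON customers
    FOR ALL TO support
    USING      (region IN (SELECT region FROM support_regions WHERE login = current_user))
    WITH CHECK (region IN (SELECT region FROM support_regions WHERE login = current_user));
-- A login with no mapping row matches nothing: the policy fails closed.

-- 3. Trigger-based audit log. Keeping old_row is what a later "undo" of an
--    UPDATE needs. The trigger function is SECURITY DEFINER so it can write the
--    audit table although the acting user cannot; the audit rows contain every
--    column, card_last4 included, so the table must stay locked down.
CREATE TABLE customers_audit (
    id          bigserial   PRIMARY KEY,
    changed_at  timestamptz NOT NULL DEFAULT now(),
    changed_by  text        NOT NULL,
    operation   text        NOT NULL,
    old_row     jsonb,
    new_row     jsonb
);
REVOKE ALL ON customers_audit FROM PUBLIC;

CREATE OR REPLACE FUNCTION customers_audit_trigger() RETURNS trigger
LANGUAGE plpgsql SECURITY DEFINER SET search_path = public AS $$
BEGIN
    INSERT INTO customers_audit (changed_by, operation, old_row, new_row)
    VALUES (session_user, TG_OP,
            CASE WHEN TG_OP IN ('UPDATE', 'DELETE') THEN to_jsonb(OLD) END,
            CASE WHEN TG_OP IN ('INSERT', 'UPDATE') THEN to_jsonb(NEW) END);
    RETURN NULL;   -- the return value of an AFTER row trigger is ignored
END;
$$;

CREATE TRIGGER customers_audit
    AFTER INSERT OR UPDATE OR DELETE ON customers
    FOR EACH ROW EXECUTE FUNCTION customers_audit_trigger();   -- PostgreSQL 11+

-- What a session of alice (member of support, mapped to region 'eu') gets:
--   UPDATE customers SET tier = 'gold' WHERE id = 42;        -- ok if row 42 is in 'eu'
--   UPDATE customers SET card_last4 = '0000' WHERE id = 42;  -- ERROR: permission denied
--   SELECT card_last4 FROM customers;                        -- ERROR: permission denied
--   SELECT count(*) FROM customers WHERE region = 'us';      -- 0: rows are invisible, not denied
```

Two behaviours worth knowing when checking such a setup: the table owner and superusers bypass row-level security unless the table is also marked FORCE ROW LEVEL SECURITY, so test with an ordinary login role; and because the policy filters rows silently, a misconfigured mapping shows up as "no data" rather than as an error, which is the safe direction but easy to mistake for an empty table.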


Looks neat. I’ve developed a bunch of apps for our business but haven’t developed a management GUI. Looks like this could do the job with minimal hassle.


For read-only, we use Metabase at work.

https://www.metabase.com


Seems like phpMyAdmin only w/ SaaS. And there's near equivalents for phpMyAdmin for many different systems.


Looks neat. From the video, I assume it keeps a log of every user's queries, right?

What's the advantage over giving dbeaver to users and setting up their users directly at the DB level? Cleaner UI (that's a big +1)? Access and rights management?


Every action against a data source is logged and query-able.

At my current startup, giving access to everyone at the company to use a traditional tool (dbeaver, datagrip, etc) is not simple because our databases are not publicly accessible. This means every employee would need an ssh key to a bastion, and our onboarding / offboarding process would involve adding / deleting users constantly.

With Aidmin, they can invite users to their workspace and utilize Single Sign-On for added security.


Maybe emphasize that last bit more. That starts to distinguish it from the various free options out there that do something similar.

As for databases not being publicly accessible, why not just use a VPN?


Protection from ransomware is another. If they lock down the server that runs this app well enough, it's significantly more secure than production access to every developer.


I think that these differences could be enough.

I've used dbeaver which gets the job done but could benefit from better UI and a web interface. Another advantage of a web app is that a few people can configure everything for the rest of the team(s). If there are a lot of databases and onboarding it can be a chore.


What databases are supported? I couldn't find any list like that.


Currently only Postgres and MySQL.


[deleted]


What happened to the source code? Someone could easily get the impression that you're using other people's open source code in your application, or that you're trying to hide something else.

As long as I don't see the source code, you won't get any other feedback from me.


It is currently closed source. The documentation repo is what I am currently using as a temporary website.



