How to Secure dashboard iframe of (public url)

Elastic Stack Kibana
1

Hello @elastic #stack-kibana #dev-kibana.

We aim to create a restricted dashboard's iframe of public url. It is accessible only if the dashboard contains the userIds. if user access the dashbaord's public url without the userid then it should not be visible. We intend to embed this iframe in our app and users to view the dasboard its per tenent dasboard. How can we ensure its privacy? Additionally, we want to prevent anyone from determining the iframe's existence to prevent potential exploitation.

2

You already opened the same discussion at Secure Kibana Dasboard Iframes

Please keep the same discussion in one single place unless the new question is unrelated.

1 Like
3

Sure, Can you provide solution to the query i have asked.

4

Right Now Dashboard public url is accessable to everyone in iframe with and without the parameter. suppose that there is query:'id:(8-8-4-8-3**c*7)') paramter in the url then only can be retrieved or viewed and if the user view / go to the link without those parameter then it can be viewed.

We are in need to integrate that in our app in order to show the dashboard to particualr users with their data only without logging into elastic.

<iframe src="https://my-deployment-*****-west-1.aws.found.io:/app/dashboards#/view/c***0-1***a-*-*-*?embed=true&_g=(refreshInterval:(pause:!t,value:0),time:(from:now-1y,to:now))&_a=(query:(language:kuery,query:'id:(*-8-4-8-3**c*7)'))&show-time-filter=true&hide-filter-bar=true" height="600" width="800"></iframe>

#elastic @elastic kibana #dashbaords dashboard