IP Whitelisting Security Concerns

We are trying to get one of our clients to use retool but their IT company says they’re not comfortable with opening a port on their server for accessing their SQL Server instance.

My understanding is that with IP whitelisting retools server, the security risk is extremely minimal. Am I incorrect?

Does anyone have any documentation or blog posts I could send them?

Hi @socaljoker!

Here's a snippet from our site:

Retool comes with the kind of security, reliability, and controls that every internal tool deserves. Your customer data is never stored on our servers and we use end-to-end encryption to keep your data safe while it’s in transit. For more information, see our security documentation. If we don't answer your question there, let us know.

You can also let me know here if those security docs don't answer any of your or your client's concerns. 😊

I've had the same question for awhile. This answer was a bit helpful https://security.stackexchange.com/a/177945/210512

But I'm still not sure "how" secure IP whitelisting is. It seems to me that in combination with a secure username/password, fairly secure?

Definitely. IP whitelisting is a security feature often used for limiting and controlling access only to trusted users (Retool in this case), so whitelisting Retool's IP is also much safer than opening up your endpoint to all traffic and restricting certain connections (blacklisting).

The big drawback of whitelisting is that it can be more complex to implement and often requires information specific to each organization (like the db connection info). We also don't store any of your info client-side: the Retool backend proxies the request to the database, applying the credentials server-side. None of the data returned by your database is stored on our end!

1 Like

Victoria, if we did IP whitelisting, would that mean every retool customer could potentially connect to our database, right?

So I'm assuming we'd need strong passwords to ensure no one besides us could connection back.

Are there any other features that could mitigate this?



Only if they had your db credentials as well!

We do have a few different options for deploying Retool on-premise. On-premise deployments aren't susceptible to any potential Cloud latency issues and each release is heavily vetted for bugs or breaking changes. And you host on your own machine so you' can access data that is only accessible from your private network. If you are looking at the Free or Startup level plans on your deployment, the self-serve on-premise option is a great start.

Let me know if you have any other questions :blush: