5
15 Comments

Would you give your database credentials to a SaaS?

Hello Indie Hackers community,

For exemple, if I want to build a PhpMyAdmin like but as a SaaS. The user will have to give his DB credentials to allow my SaaS to manage his DB.

I'm really surprised that doesn't already exist, do you think there's too much security issues ?
Would you give your database credentials to a SaaS?

  1. 2

    Retool.com, internal.io and many more are doing millions in MRR and they basically take DB credential to help companies build internal tools

    1. 1

      Interesting, I want to build a concurrent to Retool and Internal (I didn't know them, maybe they already do a good job with their products)

  2. 2

    PhpMyAdmin requires read-write access, so from my perspective, I would not try such SaaS. Different story with local application like desktop app.

  3. 1

    Absolutely not, it's a horrible idea.

    Some people wouldn't mind, though. For the rest of us, you could make a self-hosted version, though.

  4. 1

    Every one will be hesitant to give database password. Hence your product may not get large adoption.

    Here is my suggestion

    1. Create a package for Ubuntu where the MySQL will be installed.

    2. This package will create a required user and make OAuth facilities for your SaaS to connect.

    Will this idea works for you ?

  5. 1

    Lots of SaaS already take your DB credentials for various different reasons.

    However what you should be doing is creating a new user that is specifically for that SaaS and only give that user the permissions its needs, which in most cases will just be read permissions.

    1. 1

      Retool.com, internal.io, and many more are doing millions in MRR and they basically takes credential to help companies build internal tools

    2. 1

      I agree. Not sure why everyone is saying no. Microsoft Power BI is used by thousands of enterprise companies, and they connect directly to your DB.

    3. 1

      And before anyone asks which SaaS take your DB credentials, basically any data visualisation software. There are others too.

  6. 1

    No. Data is the most valuable asset of any software based company. I would never give up control of that.

    1. 2

      You may have a change of mind when you need tools like Retool.com, internal.io, PowerBI, etc.

      Those companies are doing millions in MRR

      1. 2

        Just because I wouldn't do it doesn't mean it's not viable. Technically, if you use a managed database, you're giving away control over your data already. I just value data ownership.

    2. 1

      I think you are right. However, it’s not asking the database owners to give up the “control” in this case. As other have suggested, setting up a “read-only” account and let the SaaS to access this account would be the proper approach.

      1. 1

        Depends on the use case. I could imaging giving read-only access directly to the database, but Paul mentioned PhpMyAdmin, which is used to manage everything.

        1. 2

          Yes, I didn't know these kind of tools already exists, but I want to build a Retool.com and internal.io concurrent

Trending on Indie Hackers
Share your product if you haven't made your first sale :) 31 comments I redesigned my landing page to something completely unconventional/unprofessional 20 comments How we automatically provision SSL for SaaS customers with custom domains 14 comments 44 products by bootstrapped startup founders you can use 12 comments Breaking down one of the most successful ecommerce SEO strategies (IKEA) 11 comments On productized services, a crappy logo, and a shift in perspective that changed everything: Jaclyn Schiff's story 9 comments