I would like to understand the boundaries of FE and BE of an Appsmith app so the security model is clearer.
For example, if we use the current user's email as a filter in an SQL query, will this reside only in the BE?
Obviously we don’t want users to be able to mess with this from the FE to peek at other users' data.
Please enlighten me on this a bit, since I couldn’t find any documentation.
Only Admin or Developer roles can modify SQL queries. A good practice is to assign the app viewer role to end users if you want to avoid modifications.
More details on access control can be found on this page
I’ll add a little more colour to what Vinod mentioned.
Appsmith’s backend system currently doesn’t store any information about the dynamic variables or the response data. It acts as a pure proxy system. This is to ensure that any private/confidential data is never logged or stored in Appsmith’s data stores. Hence, as a user, if you define a dynamic variable in your query, the frontend client evaluates these variables and sends them to the backend API server to perform the actual execution.
The Appsmith server only stores the configuration of the actions so that the SQL query body or custom API URLs are never exposed to the client in “view” mode. This protects the application as well since viewers cannot deduce the actual query being executed.
Hope this gives you a slightly better idea about the data model and why it is currently so.
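The proxy model described in the reply above, as an added illustration that is not Appsmith's own code: the query body lives only in a server-side action store, a view-mode client gets the binding names but never the SQL, the client evaluates the bindings and the server runs the stored query with whatever values it received. The table, rows, action name and the simplified action schema are constructed for this example.

```python
import sqlite3

# Constructed sample data: rows owned by two different users.
ORDERS = [
    ("alice@example.com", "order-1"),
    ("alice@example.com", "order-2"),
    ("bob@example.com", "order-3"),
]

# Server-side action store (assumption: a simplified stand-in for the stored
# action configuration, not the real schema). The SQL body exists only here.
ACTIONS = {
    "getMyOrders": {
        "body": "SELECT id FROM orders WHERE owner = ?",
        "params": ["appsmith.user.email"],  # bindings the client must evaluate
    },
}

def _db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE orders (owner TEXT, id TEXT)")
    conn.executemany("INSERT INTO orders VALUES (?, ?)", ORDERS)
    return conn

def view_mode_action(name):
    """What a viewer-mode client receives: binding names, never the SQL body."""
    return {"name": name, "params": list(ACTIONS[name]["params"])}

def client_evaluate(name, client_context):
    """Frontend step: resolve each binding name against the client's own context."""
    return {p: client_context[p] for p in view_mode_action(name)["params"]}

def server_execute(name, bindings):
    """Backend step: bind the values the client sent into the stored query and run
    it. The server is a proxy: it stores neither the bindings nor the result rows,
    and the filter value it binds is exactly the value the client sent."""
    action = ACTIONS[name]
    values = [bindings[p] for p in action["params"]]
    conn = _db()
    try:
        return [row[0] for row in conn.execute(action["body"], values)]
    finally:
        conn.close()

def run_action(name, client_context):
    """Full round trip: client evaluation followed by server-side execution."""
    return server_execute(name, client_evaluate(name, client_context))
```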
Adding some more context from Arpit to explain the technical overview of Appsmith:
The Appsmith server is written in Java because its main job is to act as a proxy server. Hence, we chose reactive Java because it gives us the benefits of reactive connections (like NodeJS) with the added benefit of being a compiled language and hence more performant out of the box. The NodeJS service is a very small service that handles real-time websockets with the client browser. It doesn’t do any processing apart from websocket connection handling.