1. How is this authentication achieved for the PostgreSQL integration?
Ally gets the following inputs from users for authentication:
* Connection name
* Port number
* Database name.
We use SQL Alchemy, which is the open-source library that facilitates the communication between our program and DB.
2. How are tokens/credentials stored and destroyed?
Tokens/Credentials are encrypted using base64/cipher algorithm and stored in the database for establishing a dynamic connection as and when required. When a connection is destroyed, it will also destroy the credentials along with it.
3. Once connected, what permissions do the integrations require to operate?
Once connected, the integration requires our application IP to be whitelisted at the database instance to allow incoming requests from our app. Apart from this, the database user account that the user provides as input should have read access for the respective database.
4. Do you collect and store any data from these integrations?
We do a sanity check for queries to ensure read-only queries and collect only the response data of the query as part of the integration.
You can read more about our integration here.