Retool + PostgreSQL Security
Retool makes building internal tools easy, but database access requires careful security configuration.
Why Retool + PostgreSQL?
Retool is widely used for internal tools with PostgreSQL backends. The direct database access means security is critical.
Common Vulnerabilities
These are the security issues we find most often in Retool apps using PostgreSQL.
Overly Permissive Database User
Retool may connect with a superuser account that has more access than needed.
SQL Injection in Queries
Retool queries with user input can be vulnerable to SQL injection if not parameterized.
Unrestricted Resource Access
All Retool users may have access to all database connections.
Read Access to All Tables
Even read-only tools may access tables they shouldn't.
What We Check for Retool + PostgreSQL
Database User Permissions
Review the PostgreSQL user Retool connects as.
Query Parameterization
Check all queries for proper parameter handling.
Resource Access Control
Verify Retool groups have appropriate resource permissions.
Audit Logging
Check that Retool audit logs are enabled.
Quick Security Wins
Apply these fixes right now to improve your security.
Create a limited PostgreSQL user for Retool: GRANT SELECT ON specific_tables TO retool_user
Use {{ }} syntax for all user input in queries
Configure Retool resource permissions per group
Enable audit logging to track data access
Create separate read-only and read-write resources
The Bottom Line
Retool + PostgreSQL is secure when using limited database users and proper query parameterization. Never connect with a superuser account.
Frequently Asked Questions
What database permissions should the Retool PostgreSQL user have?
Create a dedicated user with minimal permissions: GRANT SELECT, INSERT, UPDATE ON specific_tables TO retool_user. Never use a superuser or the postgres account. Create separate read-only users for dashboards that don't need write access.
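The setup described above, together with the queries to review what the Retool roles can actually do, as an added example that is not code from the original page. The database name app_db, the tables public.orders and public.customers, the role names retool_ro and retool_rw, and the passwords are assumed placeholders.

```sql
-- Added example; every object name below is an assumed placeholder.
-- Run as the database owner or an administrator.

-- 1. Dedicated login roles with no administrative attributes.
CREATE ROLE retool_ro LOGIN PASSWORD 'CHANGE_ME_RO'
  NOSUPERUSER NOCREATEDB NOCREATEROLE NOREPLICATION NOBYPASSRLS;
CREATE ROLE retool_rw LOGIN PASSWORD 'CHANGE_ME_RW'
  NOSUPERUSER NOCREATEDB NOCREATEROLE NOREPLICATION NOBYPASSRLS;

-- 2. Connection and schema access only. Before PostgreSQL 15, PUBLIC can
--    create objects in schema public by default, so revoke that.
REVOKE CREATE ON SCHEMA public FROM PUBLIC;
GRANT CONNECT ON DATABASE app_db TO retool_ro, retool_rw;
GRANT USAGE ON SCHEMA public TO retool_ro, retool_rw;

-- 3. Table grants: dashboards use retool_ro, editing tools use retool_rw.
GRANT SELECT ON public.orders, public.customers TO retool_ro;
GRANT SELECT, INSERT, UPDATE ON public.orders TO retool_rw;
GRANT SELECT ON public.customers TO retool_rw;

-- 4. Review: every attribute column should be false for both roles.
SELECT rolname, rolsuper, rolcreatedb, rolcreaterole,
       rolreplication, rolbypassrls
FROM pg_roles
WHERE rolname IN ('retool_ro', 'retool_rw');

-- 5. Review: table privileges the roles hold directly, plus anything
--    granted to PUBLIC, which every role inherits.
SELECT grantee, table_schema, table_name, privilege_type
FROM information_schema.role_table_grants
WHERE grantee IN ('retool_ro', 'retool_rw', 'PUBLIC')
  AND table_schema NOT IN ('pg_catalog', 'information_schema')
ORDER BY grantee, table_schema, table_name, privilege_type;

-- 6. Review: group roles the Retool roles belong to; an unexpected
--    membership brings that group's privileges with it.
SELECT m.rolname AS member, g.rolname AS member_of
FROM pg_auth_members am
JOIN pg_roles m ON m.oid = am.member
JOIN pg_roles g ON g.oid = am.roleid
WHERE m.rolname IN ('retool_ro', 'retool_rw');
```

Point the read-only Retool resource at retool_ro and the read-write resource at retool_rw, and rerun steps 4 to 6 after schema changes.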
How do I prevent SQL injection in Retool queries?
Always use Retool's {{ }} syntax for user input: SELECT * FROM users WHERE id = {{ textInput.value }}. This automatically parameterizes the query. Never concatenate user input into SQL strings - even for experienced developers, this is a common source of vulnerabilities.
Can I restrict which Retool users access which databases?
Yes, use Retool's resource permissions. Create groups (like 'Sales' and 'Engineering') and grant each group access only to the resources they need. This means a sales dashboard can't access engineering databases.
Should I use Retool Cloud or self-hosted for sensitive data?
For highly sensitive data (healthcare, finance), consider Retool self-hosted where data never leaves your infrastructure. Retool Cloud is secure for most use cases, but compliance requirements may dictate self-hosting. Both support SSO and audit logging.