Feature Requests

It would be great to have the ability to define an IP allowlist for connections that use tokens as an extra layer of security against token theft.

Are you folks looking to support iceberg? I know there's the duckdb iceberg extension, but its in a very unfinished state (doesn't support catalogs, predicate pushdown, writes ...). We have a customer-facing web-app that mostly deals with pre-aggregated data that we keep in postgres, but some views need to drill down to very small slices of the raw data. The raw data lives in a partitioned iceberg table on S3 (with glue catalog). I can query it with Athena of course, and I indeed tried doing that, but the latency was all over the place. Rather than running trino ourselves, I ended up writing a tiny java api using the iceberg java libraries and the duckdb jdbc connector. Basically for my queries, I use the iceberg library to figure out which are the relevant parquet files to scan, and then query those with a read_parquet([ <the list of files> ]) , and present the results to the client. If duckdb/motherduck supported iceberg more robustly, we'd totally just throw away the little java service and use md! We currently use the iceberg FindFiles helpers https://iceberg.apache.org/javadoc/1.5.2/org/apache/iceberg/FindFiles.html specifically builder there: https://iceberg.apache.org/javadoc/1.5.2/org/apache/iceberg/FindFiles.Builder.html and using the withRecordsMatching() method and applying the relevant filter expressions then build the read_parquet() and swap it into our query. Ideally i'd be able to just write a more boring SELECT blah FROM my_iceberg_table WHERE a = 1 AND customer_id = 2 AND timestamp > :timestamp or FROM iceberg_scan('my_table', catalog='glue', region='us-east-1') . Background: https://motherduckcommunity.slack.com/archives/C058S3CUEAG/p1719443889927559?thread_ts=1719414165.050349&cid=C058S3CUEAG

It would be good to support 2FA, possibly through an app like Authy. Created on behalf of John Apps.

Support a single user being a member of more than one organization at the same time. This will help enable contract/consultancy workflows as well as enabling separate development/production workspaces

It would be good to see all running queries on a duckling and to be able to cancel them. (Similar to show full processlist in mysql for example).

Add query history to the UI and INFORMATION_SCHEMA, details TBD. Should include query properties like job type (SQL, INSERT, etc). If INSERT or similar - data source (files, path etc).

The MD WebUI allows the use of SSO in order to present the user with a login challenge in order to access an MD environment. However the local development story uses a permanent non-expiring token that must be either repeatedly added to an environment variable or written to a local .env file to activate before use. This presents a couple of security smells in which either the device is compromised or the local file is accidentally checked into a code repository on accident. A widely used and more secure pattern would be to have a mechanism to login via SSO and have an time-bound (24 hours) token written to a local file that MD is capable of reading. In this way we can still reap the benefits of repeated use of a single token, while also limiting the potential blast radius of accidentally committing the token. We can maintain a zero trust security policy and challenge users to login in order to obtain their time bound access tokens. An example of this is AWS SSO which challenges the user to login via their SSO identity provider and then issues a time-bound set of AWS credentials to the ~/.aws/sso/cache. This is part of the AWS credential chain that the AWS CLI and libraries understand how to read and use.

Add DDL to rename a database. Actual syntax TBD, but we could do either: ALTER DATABASE <database> SET NAME = <name>; RENAME DATABASE <database> to <name>;

Currently this feature is broken, but works in DuckDB. Reference: https://duckdb.org/dev/profiling.html