On Sun, 25 Apr 2021, Alan Gauld via Python-list wrote:

> I assume you understand the huge risks involved in such a tool. Letting
> users loose on their own data (and possibly other people's) allows for huge
> potential damage/data loss etc.

Alan,

I disagree about the risk. Regardless of the form of the Select statement it
does not delete any rows. Users will be able to specify attributes (columns)
and instances (rows) but not delete or update any table.

> You can reduce the risk by finding ways to limit the access to read-only
> and tightly controlling which tables etc can be accessed.
>
> But many SQL builder tools don't do that and simply provide a way to
> create queries, including drop table, delete from etc. (Quite reasonably
> since they are usually aimed at DBAs rather than ordinary users)

That's if the inclusion of the tool allows it.

Of course, if the user knows SQL they could do what they want directly on
the database ignoring the application entirely. If they knew enough to do
this they would be using a database rather than a spreadsheet in the first
place. :-)

Regards,

Rich
--
https://mail.python.org/mailman/listinfo/python-list
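
Added example, not part of the thread or of either poster's code: one way to enforce the read-only, table-restricted access discussed above in the database layer itself, so it does not depend on what SQL the builder emits. It assumes SQLite through Python's `sqlite3` module; the tables, data and allow-lists are constructed for illustration.

```python
import sqlite3
import tempfile

ALLOWED_TABLES = {"samples"}                      # constructed allow-list
ALLOWED_FUNCTIONS = {"count", "sum", "avg", "min", "max"}

def make_demo_db(path):                           # constructed sample data
    con = sqlite3.connect(path)
    con.executescript("""
        CREATE TABLE samples (id INTEGER PRIMARY KEY, site TEXT, value REAL);
        CREATE TABLE staff (id INTEGER PRIMARY KEY, name TEXT, salary REAL);
        INSERT INTO samples (site, value) VALUES ('A', 1.5), ('B', 2.5);
        INSERT INTO staff (name, salary) VALUES ('x', 100.0);
    """)
    con.close()

def authorizer(action, arg1, arg2, dbname, source):
    # SQLite calls this while compiling each statement.
    if action == sqlite3.SQLITE_SELECT:
        return sqlite3.SQLITE_OK
    if action == sqlite3.SQLITE_READ and arg1 in ALLOWED_TABLES:
        return sqlite3.SQLITE_OK                  # arg1 = table, arg2 = column
    if action == sqlite3.SQLITE_FUNCTION and arg2 in ALLOWED_FUNCTIONS:
        return sqlite3.SQLITE_OK                  # arg2 = SQL function name
    return sqlite3.SQLITE_DENY                    # deny everything else

def open_reporting_connection(path):
    con = sqlite3.connect(f"file:{path}?mode=ro", uri=True)  # read-only file handle
    con.set_authorizer(authorizer)
    return con

def try_query(con, sql):
    try:
        return con.execute(sql).fetchall()
    except sqlite3.DatabaseError as exc:
        return f"refused: {exc}"

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        path = tmp + "/demo.db"
        make_demo_db(path)
        con = open_reporting_connection(path)
        queries = {"allowed": "SELECT site, value FROM samples ORDER BY id",
                   "aggregate": "SELECT count(*) FROM samples",
                   "other_table": "SELECT name FROM staff",
                   "delete": "DELETE FROM samples",
                   "drop": "DROP TABLE samples"}
        results = {name: try_query(con, sql) for name, sql in queries.items()}
        con.close()
        return results
```

On a server database the equivalent control is a dedicated account granted only `SELECT` on the tables the application is meant to expose.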