On 2021-04-25 00:05:44 +0100, Alan Gauld via Python-list wrote:
> On 24/04/2021 15:24, Rich Shepard wrote:
> > My web searches are not finding what I need to include in an application I'm
> > building: an ad-hoc sql query builder.

What should that sql query builder build the queries from? Or in other
words what is the user supposed to input?


> > End users will want to query their data for reports not included in the
> > built-in queries.
> 
> I assume you understand the huge risks involved in such a tool.
> Letting users loose on their own data (and possibly other people's)
> allows for huge potential damage/data loss etc.
> 
> You can reduce the risk by finding ways to limit the access
> to read-only and tightly controlling which tables etc can be
> accessed.

Yes.

> But many SQL builder tools don't do that and simply
> provide a way to create queries, including drop table,

The SQL builder tool isn't the right place to do this. Access privileges
need to be managed in the database.

        hp

-- 
   _  | Peter J. Holzer    | Story must make more sense than reality.
|_|_) |                    |
| |   | h...@hjp.at         |    -- Charles Stross, "Creative writing
__/   | http://www.hjp.at/ |       challenge!"
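
Added example, not part of the original message: one way to enforce the restriction in the database engine rather than in the query builder, using SQLite from Python as a stand-in because the thread names no database. The table names, `ALLOWED_TABLES` and the helper functions are hypothetical; on a server database the equivalent is a dedicated role granted only SELECT on the reporting tables.

```python
import os
import sqlite3
import tempfile

ALLOWED_TABLES = {"orders"}  # hypothetical allow-list of reportable tables


def make_db(path):
    """Build a constructed sample database: one reportable table, one private."""
    con = sqlite3.connect(path)
    con.executescript(
        "CREATE TABLE orders(id INTEGER PRIMARY KEY, total REAL);"
        "CREATE TABLE credentials(user TEXT, pw_hash TEXT);"
        "INSERT INTO orders(total) VALUES (10.0), (32.5);"
        "INSERT INTO credentials VALUES ('alice', 'constructed-hash');"
    )
    con.close()


def authorizer(action, arg1, arg2, dbname, source):
    """Called by SQLite while compiling each statement; deny by default."""
    if action in (sqlite3.SQLITE_SELECT, sqlite3.SQLITE_FUNCTION):
        return sqlite3.SQLITE_OK
    if action == sqlite3.SQLITE_READ and arg1 in ALLOWED_TABLES:
        return sqlite3.SQLITE_OK
    return sqlite3.SQLITE_DENY  # writes, DDL, PRAGMA, ATTACH, other tables


def open_reporting(path):
    """Connection for ad-hoc queries: read-only file handle plus authorizer."""
    con = sqlite3.connect(f"file:{path}?mode=ro", uri=True)
    con.set_authorizer(authorizer)
    return con


def run_adhoc(con, sql):
    """Run user-supplied SQL; the engine, not this wrapper, rejects it."""
    try:
        return ("ok", con.execute(sql).fetchall())
    except sqlite3.DatabaseError as exc:
        return ("denied", str(exc))


if __name__ == "__main__":
    path = os.path.join(tempfile.mkdtemp(), "report.db")
    make_db(path)
    con = open_reporting(path)
    for sql in ("SELECT sum(total) FROM orders",
                "SELECT user FROM credentials",
                "DROP TABLE orders"):
        print(sql, "->", run_adhoc(con, sql))
```

The query builder can emit any SQL it likes here; statements outside the allow-list fail when the engine compiles them, before any row is touched.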
