Ad-hoc SQL query builder for Python3?

Rich Shepard rshepard at appl-ecosys.com
Sun Apr 25 15:51:11 EDT 2021


On Sun, 25 Apr 2021, Alan Gauld via Python-list wrote:

> I assume you understand the huge risks involved in such a tool. Letting
> users loose on their own data (and possibly other people's) allows for huge
> potential damage/data loss etc.

Alan,

I disagree about the risk. Regardless of the form of the Select statement it
does not delete any rows. Users will be able to specify attributes (columns)
and instances (rows) but not delete or update any table.

> You can reduce the risk by finding ways to limit the access to read-only
> and tightly controlling which tables etc can be accessed.

> But many SQL builder tools don't do that and simply provide a way to
> create queries, including drop table, delete from etc. (Quite reasonably
> since they are usually aimed at DBAs rather than ordinary users)

That's if the inclusion of the tool allows it.

Of course, if the user knows SQL they could do what they want directly on
the database ignoring the application entirely. If they knew enough to do
this they would be using a database rather than a spreadsheet in the first
place. :-)

Regards,

Rich
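
The approach discussed in this thread (a SELECT-only builder, read-only access, a tightly controlled set of tables) as an added example that is not part of either poster's message. It assumes SQLite through Python's sqlite3 module; the samples/users tables, their columns and the function names are constructed for illustration.

```python
import sqlite3

# Constructed allowlist: table -> columns users may select or filter on (assumption).
ALLOWED = {"samples": {"site", "analyte", "value"}}

def build_select(table, columns, filters):
    """Return (sql, params) for a SELECT restricted to allowlisted identifiers."""
    if table not in ALLOWED:
        raise ValueError(f"table not allowed: {table!r}")
    if not columns:
        raise ValueError("at least one column is required")
    bad = [c for c in list(columns) + list(filters) if c not in ALLOWED[table]]
    if bad:
        raise ValueError(f"columns not allowed: {bad!r}")
    # Identifiers come only from the allowlist; values are bound, never interpolated.
    sql = f'SELECT {", ".join(columns)} FROM {table}'
    if filters:
        sql += " WHERE " + " AND ".join(f"{c} = ?" for c in filters)
    return sql, list(filters.values())

def authorizer(action, arg1, arg2, dbname, source):
    """Second layer: the engine refuses anything but reads of allowlisted columns."""
    if action == sqlite3.SQLITE_SELECT:
        return sqlite3.SQLITE_OK
    if action == sqlite3.SQLITE_READ and arg2 in ALLOWED.get(arg1, ()):
        return sqlite3.SQLITE_OK
    return sqlite3.SQLITE_DENY

def make_demo_db():
    """Build a constructed in-memory database, then lock the connection down."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        "CREATE TABLE samples(site, analyte, value);"
        "CREATE TABLE users(name, pw_hash);"
        "INSERT INTO samples VALUES ('A1','pH',7.2),('B2','pH',6.8);"
        "INSERT INTO users VALUES ('admin','x');"
    )
    conn.set_authorizer(authorizer)  # installed only after setup is done
    return conn

def run_query(conn, table, columns, filters=None):
    sql, params = build_select(table, columns, filters or {})
    return conn.execute(sql, params).fetchall()
```

The builder check and the authorizer are independent: a statement that bypasses `build_select` is still refused on that connection. On a server database the equivalent second layer is a role granted only SELECT on the permitted tables.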

