Ad-hoc SQL query builder for Python3?
Peter J. Holzer
hjp-python at hjp.at
Sun Apr 25 17:01:18 EDT 2021
On 2021-04-25 00:05:44 +0100, Alan Gauld via Python-list wrote:
> On 24/04/2021 15:24, Rich Shepard wrote:
> > My web searches are not finding what I need to include in an application I'm
> > building: an ad-hoc sql query builder.
What should that sql query builder build the queries from? Or in other
words what is the user supposed to input?
> > End users will want to query their data for reports not included in the
> > built-in queries.
>
> I assume you understand the huge risks involved in such a tool.
> Letting users loose on their own data (and possibly other peoples)
> allows for huge potential damage/data loss etc.
>
> You can reduce the risk by finding ways to limit the access
> to read-only and tightly controlling which tables etc can be
> accessed.
Yes.
> But many SQL builder tools don't do that and simply
> provide a way to create queries, including drop table,
The SQL builder tool isn't the right place to do this. Access privileges
need to be managed in the database.
hp
--
_ | Peter J. Holzer | Story must make more sense than reality.
|_|_) | |
| | | hjp at hjp.at | -- Charles Stross, "Creative writing
__/ | http://www.hjp.at/ | challenge!"
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <https://mail.python.org/pipermail/python-list/attachments/20210425/3e610446/attachment.sig>
More information about the Python-list
mailing list