issues: 268469569

id node_id number title user state locked assignee milestone comments created_at updated_at closed_at author_association pull_request body repo type active_lock_reason performed_via_github_app
268469569 MDU6SXNzdWUyNjg0Njk1Njk= 39 Protect against malicious SQL that causes damage even though our DB is immutable 9599 closed 0   2857392 4 2017-10-25T16:44:27Z 2017-11-05T02:53:47Z 2017-11-05T02:53:47Z OWNER   I’m currently operating under the assumption that it’s safe to allow arbitrary SQL statements because we are dealing with an immutable database. But this might not be the case - there are some pretty weird SQLite language extensions (ATTACH, PRAGMA etc) and I’m not certain they cannot be used to break things in a way that would affect future requests to the API. Solution: provide a “safe mode” option which disables the ?sql= mechanism. This still leaves the URL filter lookups, so I need to make sure that those are “safe”. In the future I may also implement a whitelist option where datasets can be configured to only allow specific filters against specific columns. 107914493 issue    

