On Mon, 5 Apr 2004 11:11:36 -0700 (PDT), Chris Mungall wrote:
>
> I would like to provide power-users with a CGI interface to a
> database; this interface would allow arbitrary SQL.
Including 'delete from foo' ?
I hope you are getting authenticated signons and passing the username and password
into your database. Otherwise, at the very best, you are open to a bad mistake ('Oh, I
thought that was the development server') and let's not even talk about the worst case.
Or are all your database objects set so that the pool logins are read-only?
Been there, done that, and you don't want the T-shirt I got. :-)
--
Matthew O. Persico