The discussion has been moved to the security channel. Please don't respond here.
Denis

On Friday, June 26, 2020, Jinny Ramsmark <[email protected]> wrote:

> Hello!
>
> I have a client who has designed an application where the user can input
> SQL directly in the browser and send it to the application.
> The application will then use the H2 database in Ignite to join data taken
> from a Mongo database for analytical purposes, which will then be displayed
> in the browser (graphs etc.).
> I have argued that this solution is dangerous as I was able to execute
> code on the server via the H2 database because of the "SQL injection by
> design".
>
> As it stands right now their argument is that:
>
> - Ignite has been updated to 2.8.1 which makes the user account for H2
> not run as SA anymore.
> - The data that is loaded into the database is meant to be available
> to the user anyway, so it doesn't matter (although the data is extremely
> sensitive for anyone not authorized to see it).
>
> In all other cases I would still tell them that SQL injection = bad, but
> they refuse to rethink the design.
>
> My question is whether Ignite and H2 are designed to work like this?
> Are there any other risks I can use for my argument, or shall I give up and
> tell them that it's okay?
> My instincts tell me that this is an all-out bad idea since a database is
> normally not made to be used like this, since database servers often can do
> so much more than simply get data.
> My current worry is that H2 can do something else that I haven't thought
> about yet, that can make this design even more dangerous.
>
> Any other perspectives and insights on this would be really helpful.
>
> Kind regards, Jinny
>
>

--
- Denis
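The design Jinny describes passes whatever SQL the browser sends straight to the H2 engine inside Ignite. One defence-in-depth layer an application owner can add in front of that is an allow-list gate that admits only a single read query and rejects everything else (batches, DML, DDL, procedure calls) before it reaches the database. The following is an added example written for this thread, not code from Ignite, H2 or Jinny's client; it is in Python for readability even though Ignite itself is Java, and the function names, the `sales` table and all sample statements are constructed for the demonstration.

```python
import re

# Constructed sample statements of the kind a browser client might submit,
# mapped to whether the gate should admit them (not taken from the thread).
SAMPLE_QUERIES = {
    "SELECT name, total FROM sales WHERE region = 'EU'": True,
    "  select 1 ": True,
    "WITH t AS (SELECT 1 AS x) SELECT x FROM t": True,   # CTE still a read query
    "SELECT 1; DROP TABLE sales": False,                 # batch of two statements
    "UPDATE sales SET total = 0": False,                 # DML, not a query
    "/* hidden */ DELETE FROM sales": False,             # comment must not mask the verb
    "SELECT * FROM sales -- trailing ; comment": True,   # ';' in a comment is not a split
    "SELECT 'a;b' FROM sales": True,                     # ';' inside a literal is data
    "": False,                                           # nothing to run
}

# Block comments and line comments, removed before any other inspection.
_COMMENT_RE = re.compile(r"/\*.*?\*/|--[^\n]*", re.DOTALL)

# Allow-list: only statements that start with one of these verbs pass.
# Anything unknown fails closed, which is the property a deny-list lacks.
ALLOWED_LEADING_KEYWORDS = ("SELECT", "WITH")


def strip_comments(sql: str) -> str:
    """Remove comments so they cannot hide the statement's leading keyword."""
    return _COMMENT_RE.sub(" ", sql)


def split_statements(sql: str) -> list:
    """Split on ';' outside single-quoted literals; drop empty fragments."""
    parts, buf, in_quote = [], [], False
    for ch in sql:
        if ch == "'":
            # A doubled quote ('') toggles twice, so it leaves the state unchanged.
            in_quote = not in_quote
        if ch == ";" and not in_quote:
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
    parts.append("".join(buf))
    return [p.strip() for p in parts if p.strip()]


def is_single_read_query(sql: str) -> bool:
    """True only for exactly one statement whose first word is on the allow-list."""
    statements = split_statements(strip_comments(sql))
    if len(statements) != 1:
        return False
    first_word = statements[0].split(None, 1)[0].upper()
    return first_word in ALLOWED_LEADING_KEYWORDS


def check_samples() -> dict:
    """Run the gate over every constructed sample; returns {sql: admitted}."""
    return {sql: is_single_read_query(sql) for sql in SAMPLE_QUERIES}


if __name__ == "__main__":
    for sql, admitted in check_samples().items():
        print(f"{'ALLOW' if admitted else 'REJECT':6} {sql!r}")
```

This gate is deliberately lexical and should be read as a coarse pre-filter, not as the security boundary: it constrains the statement verb, not the expressions inside a SELECT, so the database-side controls Jinny's client already mentions (the H2 account no longer running as SA, and more generally a least-privileged connection user with only read access to the analytical tables) remain the control that actually limits what a submitted query can do. A real parser for the H2 dialect would be the next step up from this string-level check.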
