Skip to content

Should execute-sql work without view-database? #2772

Description

@simonw

For https://agent.datasette.io/ I found myself wanting to configure the site to allow execute-sql against the /content database (for a Datasette Apps demo) but without enabling database or table browsing, purely because I'd like to avoid crawlers hammering the databases on that site, I want browse to be for logged in users only.

Currently you can't set execute-sql on a database without also setting view-database. This is because I wanted to discourage people from getting confused and assuming they had blocked access when actually execute-sql means you can select * from sqlite_master and then explore the database as much as you like.

I ended up having to use this config:

databases:
  content:
    permissions:
      view-database: true
      view-table:
        id: "*"
    allow_sql: true

This allows viewing the database executing sql, but restricts view-table to just users with a valid user ID.

Result: https://agent.datasette.io/content looks like this to signed-out users:

Image

This has the desired effect - no tables to crawl, public queries are public as intended, user's can execute any SQL they like.

But the config was pretty confusing to figure out!

If execute-sql could be enabled without view-database this would have been a whole lot easier.

Metadata

Metadata

Assignees

No one assigned

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions