For https://agent.datasette.io/ I found myself wanting to configure the site to allow execute-sql against the /content database (for a Datasette Apps demo) but without enabling database or table browsing, purely because I'd like to avoid crawlers hammering the databases on that site, I want browse to be for logged in users only.
Currently you can't set execute-sql on a database without also setting view-database. This is because I wanted to discourage people from getting confused and assuming they had blocked access when actually execute-sql means you can select * from sqlite_master and then explore the database as much as you like.
I ended up having to use this config:
databases:
content:
permissions:
view-database: true
view-table:
id: "*"
allow_sql: true
This allows viewing the database executing sql, but restricts view-table to just users with a valid user ID.
Result: https://agent.datasette.io/content looks like this to signed-out users:
This has the desired effect - no tables to crawl, public queries are public as intended, user's can execute any SQL they like.
But the config was pretty confusing to figure out!
If execute-sql could be enabled without view-database this would have been a whole lot easier.
For https://agent.datasette.io/ I found myself wanting to configure the site to allow
execute-sqlagainst the/contentdatabase (for a Datasette Apps demo) but without enabling database or table browsing, purely because I'd like to avoid crawlers hammering the databases on that site, I want browse to be for logged in users only.Currently you can't set
execute-sqlon a database without also settingview-database. This is because I wanted to discourage people from getting confused and assuming they had blocked access when actuallyexecute-sqlmeans you canselect * from sqlite_masterand then explore the database as much as you like.I ended up having to use this config:
This allows viewing the database executing sql, but restricts
view-tableto just users with a valid user ID.Result: https://agent.datasette.io/content looks like this to signed-out users:
This has the desired effect - no tables to crawl, public queries are public as intended, user's can execute any SQL they like.
But the config was pretty confusing to figure out!
If
execute-sqlcould be enabled withoutview-databasethis would have been a whole lot easier.