https://data.stackexchange.com/ lets me query some (all?) of stackexchange's data/tables using arbitrary SQL queries, including parametrization.

What program do they use to do this and is it published?

I want to create something like this myself (different data), but am constantly worried that I'll miss an injection attack or set permissions incorrectly.

Obviously, data.stackexchange.com has figured out how to do this securely. How do I replicate what they've done?

This follows up my earlier question: Existing solution to share database data usefully but safely?

Barry Carter
  • If you're using Windows, you can expose your data with ODATA (Microsoft WCF) and set filters to dynamically alter or throttle inbound queries. – makerofthings7 Mar 26 '14 at 14:32
  • data.stackexchange.com software is open source. Have a look https://code.google.com/p/stack-exchange-data-explorer/ – Adi Mar 26 '14 at 14:36
  • @Adnan Thanks! That's exactly the info I needed. Could you turn that into an answer so I can approve it? –  Mar 26 '14 at 15:32
  • @barrycarter I'd love to, but I wouldn't feel so good about the rep I'll earn from it. – Adi Mar 26 '14 at 15:44
  • @Adnan: Then make it a community wiki. – Jens Erat Mar 26 '14 at 16:36
  • @barrycarter if you have found more information on this topic you could add an answer on your own and accept it - I would like to read more about the topic. – Daniel May 21 '14 at 00:34
  • @Daniel Nothing above what the google code already has. The basics appear to be 1) create READONLY users (and, even then, be careful with what access you GRANT), 2) prevent injection attacks. My current efforts/notes (not very good): https://github.com/barrycarter/bcapps/blob/master/bc-run-mysql-query.pl The SQLite3 version which works fine (because you can make the entire db read only since it's a single file): https://github.com/barrycarter/bcapps/blob/master/bc-run-sqlite3-query2.pl –  May 21 '14 at 22:40

0 Answers
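An added sketch of the two basics named in the last comment (a read-only database, plus limits on what a submitted statement may do) for the SQLite case. It is not code from the thread, from the linked scripts or from Data Explorer; `run_untrusted`, `try_query`, `make_sample_db` and the `posts` table are names constructed for this example.

```python
import os
import sqlite3
import tempfile
import time
from urllib.parse import quote

# Allow-list: plain SELECT, column reads, SQL function calls. Everything else
# (INSERT/UPDATE/DELETE, DDL, ATTACH, PRAGMA, ...) is denied at prepare time.
ALLOWED = {sqlite3.SQLITE_SELECT, sqlite3.SQLITE_READ, sqlite3.SQLITE_FUNCTION}

def _authorizer(action, arg1, arg2, db_name, source):
    return sqlite3.SQLITE_OK if action in ALLOWED else sqlite3.SQLITE_DENY

def run_untrusted(db_path, sql, params=(), max_rows=1000, max_seconds=2.0):
    """Run one user-supplied statement with values bound as parameters."""
    # Layer 1: mode=ro, so SQLite refuses writes whatever the SQL says.
    conn = sqlite3.connect(f"file:{quote(db_path)}?mode=ro", uri=True)
    try:
        conn.set_authorizer(_authorizer)  # Layer 2: statement allow-list
        deadline = time.monotonic() + max_seconds
        # Layer 3: a non-zero return aborts a runaway statement.
        conn.set_progress_handler(lambda: int(time.monotonic() > deadline), 10_000)
        # execute() takes exactly one statement, so stacked SQL is refused.
        return conn.execute(sql, params).fetchmany(max_rows)
    finally:
        conn.close()

def try_query(db_path, sql, params=()):
    """Return the rows, or 'rejected' if any layer refused the statement."""
    try:
        return run_untrusted(db_path, sql, params, max_seconds=0.5)
    except (sqlite3.Error, sqlite3.Warning):
        return "rejected"

def make_sample_db():
    """Constructed sample data (300 rows), not taken from the page."""
    path = os.path.join(tempfile.mkdtemp(), "demo.db")
    conn = sqlite3.connect(path)
    conn.execute("CREATE TABLE posts (id INTEGER PRIMARY KEY, score INTEGER)")
    conn.executemany("INSERT INTO posts (score) VALUES (?)",
                     [(i,) for i in range(300)])
    conn.commit()
    conn.close()
    return path
```

The row cap and time limit bound what a single query can cost; for a server database such as MySQL the same layering starts from a user that has been granted SELECT only on the tables meant to be public.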