I'm new to the world of laravel development I came across a package to generate natural queries for the database called "laravel-ask-database", is there a way I can restrict which tables this package has access to?
Asked
Active
Viewed 20 times
1 Answers
1
The laravel-ask-database is getting the all table list from db schema line 34:
protected function getTables(string $question): array
{
return once(function () use ($question) {
$tables = DB::connection($this->connection)
->getDoctrineSchemaManager()
->listTables();
if (count($tables) < config('ask-database.max_tables_before_performing_lookup')) {
return $tables;
}
return $this->filterMatchingTables($question, $tables);
});
}
And there is no configurable filter. However, as an option to protect tables, you can create an additional MySQL user named laravel-ask-database with custom-specific table privileges.
To add the custom laravel-ask-database connection to config/database.php, use the following configuration:
'connections' => [
...
'laravel-ask-database' => [
'driver' => 'mysql',
'host' => env('DB_HOST', '127.0.0.1'),
'port' => env('DB_PORT', '3306'),
'database' => env('DB_DATABASE', 'forge'),
'username' => 'laravel-ask-database',
'password' => ...,
...
],
...
]
next change the default value of ask-database.connection (config/ask-database.php) via .env file:
ASK_DATABASE_DB_CONNECTION=laravel-ask-database
This will not protect the construction of SQL queries for restricted tables, but it will protect access to them.
Alternative ways:
- Fork the project or make a pull request.
- Avoid using restricted table names in prompts.
hope this helps you
Alisher Gafurov
- 449
- 5
- 15