Allow people to run sql on the web free form? Is this a BAD Idea?


jsladek

It seems to me that this would not be such a good idea, but I'm not too sure of the limits of MySQL.

If I had a text box that I let anyone put in their sql and run it on my server (hosting company) would that be a bad idea?

My intention would be to allow them to paste the SQL to create tables, but I'm thinking that it would also allow not-so-well-intentioned people to do other things.

As it is now for me to use a database the hosting company I use has an interface where I tell them the name of my database and a username and password for it.  In a short period of time the database will be available to use with phpMyAdmin or my own php code.

I would not be giving out my password info, but would they be able to do things like create users, send email, access the filesystem and stuff like that with SQL code alone? I guess I'm not familiar enough with MySQL to know.

TIA,
John Sladek

jsladek wrote:
> If I had a text box that I let anyone put in their sql and run it on my server (hosting company) would that be a bad idea?

It's a good idea ... but likely to result in total trauma (for you) when the bozos find your site and 'play' with your database.

I'm not really concerned about the database tables or what's in them. I think I would drop all current tables before running the sql.  The only thing I really want is the create statements to build their tables and I would want them all at once. (like the export feature of phpMyAdmin creates).

I am just not sure if they would have the power to change the database name, retrieve user passwords, or stuff like that.


-John Sladek

Each user has various privileges. In addition, they can only take actions affecting their own databases and tables, unless explicitly given permission to do otherwise. As long as you set sensible privileges for your users, they won't be able to do anything evil.

More info here.. http://dev.mysql.com/doc/refman/5.0/en/security.html
And http://dev.mysql.com/doc/refman/5.0/en/security-against-attack.html

The second link contains a list of privileges which may sound reasonable, but will expose you to serious security risks if you grant them.

Thanks guys. I'll have to read up on the accounts and then try to determine what kind of account the web hosting company I use is giving me to my own database. I guess it is in their best interest to keep my account privileges to the minimum.

The reason I would even do something like this is what I guess you would call scope drift. I'm working on a project that takes a MySQL database and turns it into a PHP application (actually more like a framework). I think it is simple enough to download my application, stick it on your server and let it rip, but I'm not 100% sure if it will work on all servers. I've recently had someone download it, try to use it, and have trouble.

I figured I could pretty easily make a form that you can paste all the CREATE statements into to create your tables. On submit of this form I would drop all tables currently in the database, then run the SQL to build your tables. Then I would call my program and let it write all the code for the framework based on those tables (I've probably lost you by now). This code will be live, so the user can see their application run. To go one step further, I could automatically zip up all the code my program wrote and provide a link for the user to download it all as a package. The user can then just put it on their own site, change the database user/pass/dbname/dblocation and they would be in business (hopefully).
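The privilege boundary described in the earlier reply, and the drop-and-rebuild form described in this last post, as an added SQL example that is not from anyone in this thread: a dedicated MySQL account that can wipe and rebuild one schema and nothing else. The database name, account name, host and password are placeholders, and the script is run once by an administrative account; the web form then connects only as the restricted account.

```sql
-- Added example (not from the thread). Placeholder names: sandbox_db,
-- sandbox_app, 'change-me-placeholder'. Run as an administrative account.

-- One dedicated schema that the paste-your-CREATE-statements form may wipe.
CREATE DATABASE IF NOT EXISTS sandbox_db;

-- Dedicated account, limited to connections from the web server host.
-- Never use '%' as the host for an account a public form connects as.
CREATE USER 'sandbox_app'@'localhost' IDENTIFIED BY 'change-me-placeholder';

-- If the account already existed with broader rights, start from nothing.
REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'sandbox_app'@'localhost';

-- Exactly what "drop all tables, then run the pasted CREATE statements"
-- needs, scoped to sandbox_db only. No GRANT OPTION, so the account can
-- never hand privileges to anyone else.
GRANT CREATE, DROP, ALTER, INDEX, SELECT, INSERT, UPDATE, DELETE
    ON sandbox_db.* TO 'sandbox_app'@'localhost';

-- Deliberately NOT granted (the global privileges the linked manual page
-- warns about):
--   FILE            LOAD DATA INFILE / SELECT ... INTO OUTFILE read and
--                   write server files with the mysqld process's permissions
--   PROCESS, SUPER  see or kill other users' queries, change server settings
--   CREATE USER or anything on *.*   create or upgrade accounts
--   anything on mysql.*              read the user table (password hashes)
FLUSH PRIVILEGES;

-- Verification, run while connected AS sandbox_app: the only grant listed
-- should be the sandbox_db.* line above.
SHOW GRANTS;

-- Each of these should fail with an access-denied error (or, for
-- LOAD_FILE, return NULL) because the privilege was never granted.
-- Note: DROP on sandbox_db.* still allows DROP DATABASE sandbox_db, so the
-- form should recreate the schema rather than assume it exists.
CREATE USER 'intruder'@'%' IDENTIFIED BY 'x';          -- needs CREATE USER
SELECT LOAD_FILE('/etc/passwd');                        -- needs FILE
SELECT user, host FROM mysql.user;                      -- needs SELECT on mysql.*
SELECT * FROM some_other_customers_db.orders;           -- other schemas denied
```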
