I've got a range of tables (CSV files) I'd like to expose through a public-facing web api, that can be queried using SQL.
So something like http://...?sql=SELECT * FROM tablename. Now, obviously I can't just accept any SQL query (especially not INSERTs and UPDATEs), but what services and options do I have for either query sanitisation, and/or "safe" databases?
For a relatively low-traffic website, I'm considering storing data in a read-only sqlite database, and ensuring the database client has a low timeout value. With a bit of caching, this shouldn't be a performance problem, but I'm still wondering if it's safe?
Any suggestions or insights?
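The two controls that matter most for a "safe" read-only SQLite endpoint are enforced by the database engine itself rather than by sanitising the query text: an authorizer callback that refuses every statement type except plain reads on the tables you choose to expose, and a progress handler that aborts a statement once a deadline has passed (the `timeout` argument of `sqlite3.connect` only covers waiting for a file lock, not query execution time). The following is an added example, not code from the original post; it uses Python's standard `sqlite3` module, a constructed CSV table named `cities`, and a hypothetical `ReadOnlyQueryService` wrapper that a web handler would call.

```python
import csv
import io
import os
import sqlite3
import tempfile
import time

# Constructed sample data standing in for one of the CSV tables (not from the original post).
SAMPLE_CSV = """id,city,population
1,Oslo,709037
2,Bergen,285911
3,Trondheim,212660
"""

# Only these tables may be read; anything else (including sqlite_master) is refused.
EXPOSED_TABLES = {"cities"}

# SQL functions that reach outside the database are refused by name; extend as needed.
BLOCKED_FUNCTIONS = {"load_extension"}


def load_csv_into_db(csv_text, table, db_path):
    """Build the SQLite file once, offline; the API later opens it read-only."""
    rows = list(csv.reader(io.StringIO(csv_text)))
    header, body = rows[0], rows[1:]
    # Numeric-looking cells are stored as integers so ORDER BY behaves numerically.
    body = [[int(v) if v.isdigit() else v for v in row] for row in body]
    cols = ", ".join(f'"{c}"' for c in header)
    marks = ", ".join("?" for _ in header)
    conn = sqlite3.connect(db_path)
    with conn:
        conn.execute(f'CREATE TABLE "{table}" ({cols})')
        conn.executemany(f'INSERT INTO "{table}" VALUES ({marks})', body)
    conn.close()


def authorizer(action, arg1, arg2, dbname, source):
    """Invoked by SQLite while compiling each statement; allow only plain reads."""
    if action == sqlite3.SQLITE_SELECT:
        return sqlite3.SQLITE_OK
    if action == sqlite3.SQLITE_READ:
        # arg1 is the table, arg2 the column ("" when a table is referenced but no column read).
        return sqlite3.SQLITE_OK if arg1 in EXPOSED_TABLES else sqlite3.SQLITE_DENY
    if action == sqlite3.SQLITE_FUNCTION:
        # arg2 is the function name; count/sum/etc. are fine, extension loading is not.
        return sqlite3.SQLITE_DENY if (arg2 or "").lower() in BLOCKED_FUNCTIONS else sqlite3.SQLITE_OK
    # INSERT, UPDATE, DELETE, CREATE, DROP, PRAGMA, ATTACH, ... all end up here.
    return sqlite3.SQLITE_DENY


class ReadOnlyQueryService:
    """Hypothetical wrapper a web handler would call with the untrusted ?sql= value."""

    def __init__(self, db_path, timeout_s=0.5, max_rows=1000, ops_per_check=1000):
        # mode=ro refuses writes at the file level; the authorizer refuses them at parse time.
        self.conn = sqlite3.connect(f"file:{db_path}?mode=ro", uri=True)
        self.conn.set_authorizer(authorizer)
        # The progress handler runs every ops_per_check VM instructions;
        # a non-zero return aborts the running statement with "interrupted".
        self.conn.set_progress_handler(self._check_deadline, ops_per_check)
        self.timeout_s = timeout_s
        self.max_rows = max_rows
        self._deadline = 0.0

    def _check_deadline(self):
        return 1 if time.monotonic() > self._deadline else 0

    def query(self, sql):
        """Run one untrusted statement and return a JSON-ready result or error."""
        self._deadline = time.monotonic() + self.timeout_s
        try:
            cur = self.conn.execute(sql)          # multi-statement input is rejected by execute()
            rows = cur.fetchmany(self.max_rows + 1)  # one extra row to detect truncation
        except sqlite3.Error as exc:
            return {"ok": False, "error": str(exc)}
        columns = [d[0] for d in cur.description] if cur.description else []
        return {
            "ok": True,
            "columns": columns,
            "rows": [list(r) for r in rows[: self.max_rows]],
            "truncated": len(rows) > self.max_rows,
        }


def demo():
    """Exercise the service with a legitimate query and several that must be refused."""
    path = os.path.join(tempfile.mkdtemp(), "tables.db")
    load_csv_into_db(SAMPLE_CSV, "cities", path)
    svc = ReadOnlyQueryService(path, timeout_s=0.2, max_rows=2)
    # A 16-way cross join of a 3-row table: legal SQL, but it will never finish in 0.2 s.
    runaway = "SELECT count(*) FROM " + ", ".join(f"cities t{i}" for i in range(16))
    return {
        "select": svc.query("SELECT city, population FROM cities ORDER BY population DESC"),
        "insert": svc.query("INSERT INTO cities VALUES (4, 'Stavanger', 144699)"),
        "pragma": svc.query("PRAGMA table_info(cities)"),
        "schema": svc.query("SELECT sql FROM sqlite_master"),
        "runaway": svc.query(runaway),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The authorizer decides at statement-compile time, so a denied INSERT or PRAGMA never executes, and the read-only open mode remains as a second layer if the authorizer were ever misconfigured. The row cap and the progress-handler deadline bound the cost of any single request; rate limiting and caching in front of the handler are still worthwhile, but they address load rather than safety.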