Hacker News new | past | comments | ask | show | jobs | submit login

Maybe I am biased, but at this point I would find simpler to just give access to the DB.

Let user write their own SQL queries and meter how much time they use for billing or abuse prevention.




Did you know that databases can read from disk?

Databases are huge security vulnerabilities and should always have some kind of shim over them. Never expose your relational DB publicly if you want any control over it.


So can the services providing http APIs. What does that have anything to do with security?


At that point you might as well just let them download the .sqlite file ;)

Or (as is the fashion recently) compile sqlite to wasm and run it in browser.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: