[Cubicweb] SELECT * in RQL ?

Aurélien Campéas aurelien.campeas at logilab.fr
Fri Sep 27 16:30:18 CEST 2013


On 27/09/2013 16:10, Yann Cointepas wrote:
> Thank you for your answers, it helps.
>
> Do you think it could be possible to modify RQL syntax to include the
> request forgery proposed by Nicolas (for instance, a single request "Any
> X* WHERE X is MyType" (or any other syntax) would provide the same result) ?

-1

>
> It would be very useful, for instance, to make it possible to create URI
> for downloading data. For instance :
> "https://somewhere.rql:8080/view?rql=Any+X*+WHERE+X+is+MyTypet&vid=csvexport"

I can see why you think this is useful.
However:

- the * syntax reeks of python "import *"/sql "select *" which is both
   unreadable and unpredictable

- the end-user supplied ?rql=.... is going to be killed (as soon as we
   find the time to do it) since it is basically a wide open door to
   denial of service attacks.




More information about the Cubicweb mailing list