[Cubicweb] SELECT * in RQL ?
aurelien.campeas at logilab.fr
Fri Sep 27 16:30:18 CEST 2013
On 27/09/2013 16:10, Yann Cointepas wrote:
> Thank you for your answers, it helps.
> Do you think it could be possible to modify RQL syntax to include the
> request forgery proposed by Nicolas (for instance, a single request "Any
> X* WHERE X is MyType" (or any other syntax) would provide the same result) ?
> It would be very useful, for instance, to make it possible to create URI
> for downloading data. For instance :
I can see why you think this is useful.
- the * syntax reeks of python "import *"/sql "select *" which is both
unreadable and unpredictable
- the end-user supplied ?rql=.... is going to be killed (as soon as we
find the time to do it) since it is basically a wide open door to
denial of service attacks.
More information about the Cubicweb