zlacker

[return to "Ask HN: How do you safely give LLMs SSH/DB access?"]
1. raw_an+iv1[view] [source] 2026-01-15 01:38:36
>>nico+(OP)
This is the absolutely worse idea possible. The answer is that you don’t. You create a database user that has read only rights and you allow Claude to use that user.

You could do the same for your SSH user.

I’m assuming your database doesn’t have PII, if it does even that would be out of the question unless you gave the database user only access ti certain tables.

Now that I think about it, that’s not even a good idea since a badly written select statement can cause performance issues.

◧◩
2. konglo+SJ1[view] [source] 2026-01-15 03:33:02
>>raw_an+iv1
No one I work with has ever been alive and working on a public site where there was a real risk to SQL injection, and they think I am just overly concerned with it.

I’ve given up. Let them get burned.

[go to top]