zlacker

[parent] [thread] 3 comments
1. raw_an+(OP)[view] [source] 2026-01-15 01:38:36
This is the absolutely worse idea possible. The answer is that you don’t. You create a database user that has read only rights and you allow Claude to use that user.

You could do the same for your SSH user.

I’m assuming your database doesn’t have PII, if it does even that would be out of the question unless you gave the database user only access ti certain tables.

Now that I think about it, that’s not even a good idea since a badly written select statement can cause performance issues.

replies(3): >>waste_+Jc >>konglo+Ae >>reacto+Og
2. waste_+Jc[view] [source] 2026-01-15 03:11:00
>>raw_an+(OP)
I have mostly stopped reading AI related posts here, because everytime I see something like what the OP is doing it gives me the horrors.
3. konglo+Ae[view] [source] 2026-01-15 03:33:02
>>raw_an+(OP)
No one I work with has ever been alive and working on a public site where there was a real risk to SQL injection, and they think I am just overly concerned with it.

I’ve given up. Let them get burned.

4. reacto+Og[view] [source] 2026-01-15 03:53:43
>>raw_an+(OP)
This. On a read-replica.

Any updates or writes go through a tool that sanity checks everything.

My rm tool (dangerous!) meticulously parses the input and pattern matches to prevent deleting essential files. It also prevents rm from being called outside the project directory.

You can’t trust the agents to do the right thing the first time, you steer them with error messages and gates that allow them only one path.

[go to top]