by alishobeiri 1023 days ago
So the way that we enforce it is that we only generate SELECT queries and do a post-process verification to make sure that the result is actually only a read-only query.

I think you have a great point though, this should be made much clearer so users can build trust in using the product. Thanks a lot for the feedback!

2 comments

> So the way that we enforce it is that we only generate SELECT queries and do a post-process verification to make sure that the result is actually only a read-only query.

So it will select from functions?

  CREATE OR REPLACE FUNCTION delete_all_from_table(_tbl regclass)
  RETURNS integer AS
  $func$
  DECLARE
    _r record;
    _count integer = 0;
  BEGIN
    FOR _r IN 
        EXECUTE format('DELETE FROM %s RETURNING *', _tbl)
    LOOP
        _count := _count + 1;
    END LOOP;

    RETURN _count;
  END
  $func$  LANGUAGE plpgsql;


  SELECT delete_all_from_table('users');

What safeguards prevent the LLM from generating Cartesian products?
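
The `SELECT delete_all_from_table('users')` case raised above is a statement that passes a "SELECT only" text check and still writes, so the read-only guarantee has to come from the database itself. An added PostgreSQL example, not part of the thread or of the product discussed, showing two database-side layers; `purge_users`, `llm_readonly` and the sample table are assumed names, and the script is assumed to run as a superuser or the table owner.

```sql
-- Constructed sample data; every object and role name here is an assumption.
CREATE TABLE users (id integer PRIMARY KEY, name text);
INSERT INTO users VALUES (1, 'alice'), (2, 'bob');

-- Compact stand-in for the function posted in the thread: callable from a
-- SELECT, deletes rows. SECURITY DEFINER makes it run with its owner's
-- privileges, the case where table grants alone do not protect the data.
CREATE FUNCTION purge_users() RETURNS bigint
LANGUAGE sql SECURITY DEFINER AS
$$ WITH d AS (DELETE FROM users RETURNING 1) SELECT count(*) FROM d $$;

-- Layer 1: generated queries run as a role that can only read.
CREATE ROLE llm_readonly NOLOGIN;
GRANT SELECT ON users TO llm_readonly;
-- Functions are executable by PUBLIC by default. Revoke that, then grant
-- EXECUTE only on functions reviewed as free of side effects.
REVOKE EXECUTE ON FUNCTION purge_users() FROM PUBLIC;

-- Check layer 1: the call is refused before the function body runs,
-- because llm_readonly holds no EXECUTE privilege on it.
BEGIN;
SET LOCAL ROLE llm_readonly;
SELECT purge_users();
ROLLBACK;

-- Layer 2: wrap each generated statement in a read-only transaction.
-- Run here as the function owner, so privileges are not what stops it:
-- the DELETE inside the function is rejected by the read-only transaction.
BEGIN TRANSACTION READ ONLY;
SELECT purge_users();
ROLLBACK;

-- Both attempts leave the table contents untouched.
SELECT count(*) FROM users;
```

The application should open the read-only transaction itself and send the generated query as a single statement inside it, rather than rely on a session default that a later statement could change.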