Hacker News new | ask | show | jobs
by throwaway49849 850 days ago
Wouldn't the AI-generated query need knowledge of the CTE that will be wrapping it? How would the CTE prevent arbitrary joins, or access to tables that use the fully-qualified `schema.table`? And couldn't somebody execute any arbitrary function on the SQL server? Example `pg_sleep(9999999)`.
1 comments
moltar 849 days ago
You could set a low query execution timeout for the session.
link
throwaway49849 848 days ago
It's an incomplete solution.
link