by laxk
524 days ago
DB Level:
- Create SQL credentials for LLM queries that will have limited access (exclude sensitive fields, tables, views, etc.) and read-only access.
- Use SQL views to avoid/exclude access to specific fields.

App Level:
- Use SQL linters and treat input as regular user input.
- Convert the SQL query string into a query tree, escape ALL fields, and then assemble the query back.
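An added, runnable illustration of the DB-level points in the comment above (this is example code written for this page, not laxk's code). SQLite has no user accounts, so the "limited, read-only credentials" are modelled with Python's `sqlite3` authorizer hook, which vets every statement type and every table/column read at prepare time; a view (`users_public`) hides the sensitive columns of a base table (`users`). The schema, rows and the `READ_GRANTS` allow-list are constructed for the demo. The query-tree rewrite the comment mentions at the app level is not implemented here (that needs a real SQL parser); the app-level part shown is only the single-statement rule that `Cursor.execute()` already enforces.

```python
"""Least-privilege execution of model-generated SQL, demonstrated with sqlite3.

Constructed example: the schema, data and grants below are made up for the demo.
"""
import sqlite3

# Base table holds sensitive fields; the view exposes only the safe ones.
SCHEMA = """
CREATE TABLE users (
    id INTEGER PRIMARY KEY,
    name TEXT,
    email TEXT,
    password_hash TEXT,
    ssn TEXT
);
CREATE VIEW users_public AS SELECT id, name, email FROM users;
INSERT INTO users VALUES (1, 'alice', 'alice@example.com', 'hash1', '111-22-3333');
INSERT INTO users VALUES (2, 'bob',   'bob@example.com',   'hash2', '444-55-6666');
"""

# Column-level "grant": table -> readable columns. The empty string covers the
# table-level SQLITE_READ probe SQLite emits for queries such as COUNT(*).
# The base table is listed with its non-sensitive columns because SQLite also
# authorizes the underlying column reads when it expands a view; the sensitive
# columns (password_hash, ssn) are absent and therefore denied everywhere.
READ_GRANTS = {
    "users": {"id", "name", "email", ""},
    "users_public": {"id", "name", "email", ""},
}


def make_authorizer(grants):
    """Build an sqlite3 authorizer that allows read-only access per `grants`."""

    def authorize(action, arg1, arg2, db_name, trigger_or_view):
        if action in (sqlite3.SQLITE_SELECT, sqlite3.SQLITE_FUNCTION):
            return sqlite3.SQLITE_OK
        if action == sqlite3.SQLITE_READ:
            table, column = arg1, (arg2 or "")
            if column in grants.get(table, set()):
                return sqlite3.SQLITE_OK
            return sqlite3.SQLITE_DENY
        # INSERT/UPDATE/DELETE/DROP/CREATE/PRAGMA/ATTACH/... : fail closed.
        return sqlite3.SQLITE_DENY

    return authorize


def open_llm_connection():
    """Create the demo database, then install the restricted authorizer."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)  # privileged setup runs before the hook exists
    conn.set_authorizer(make_authorizer(READ_GRANTS))
    return conn


def run_llm_query(conn, sql):
    """Run one model-generated statement. Returns (rows, None) or (None, error)."""
    try:
        # Cursor.execute() accepts exactly one statement, so a stacked
        # "SELECT 1; DELETE FROM users" is refused before the hook is consulted.
        rows = conn.execute(sql).fetchall()
        return rows, None
    except (sqlite3.DatabaseError, sqlite3.Warning) as exc:
        # Denied reads/writes surface as "not authorized" from sqlite3.
        return None, str(exc)


if __name__ == "__main__":
    db = open_llm_connection()
    for q in (
        "SELECT name, email FROM users_public ORDER BY id",
        "SELECT ssn FROM users",
        "SELECT * FROM users",
        "DELETE FROM users",
        "SELECT 1; DELETE FROM users",
    ):
        print(q, "->", run_llm_query(db, q))
```

Because the hook denies at prepare time, a `SELECT *` over the base table fails as a whole rather than leaking the columns that happen to be permitted, which is the fail-closed behaviour you want when the query text comes from a model. Real databases give you the same shape of control natively: a dedicated role with `GRANT SELECT` on specific views or columns, no DML, and no DDL.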