https://data.stackexchange.com/ lets me query some (all?) of Stack Exchange's data/tables using arbitrary SQL queries, including parametrization.

What program do they use to do this and is it published?

I want to create something like this myself (different data), but am constantly worried that I'll miss an injection attack or set permissions incorrectly.

Obviously, data.stackexchange.com has figured out how to do this securely. How do I replicate what they've done?

This follows up my earlier question: Existing solution to share database data usefully but safely?

  • If you're using Windows, you can expose your data with ODATA (Microsoft WCF) and set filters to dynamically alter or throttle inbound queries. Mar 26, 2014 at 14:32
  • data.stackexchange.com software is open source. Have a look: code.google.com/p/stack-exchange-data-explorer
    – Adi
    Mar 26, 2014 at 14:36
  • @Adnan Thanks! That's exactly the info I needed. Could you turn that into an answer so I can approve it?
    – user354134
    Mar 26, 2014 at 15:32
  • @barrycarter I'd love to, but I wouldn't feel so good about the rep I'll earn from it.
    – Adi
    Mar 26, 2014 at 15:44
  • 1
    @Daniel Nothing above what the Google Code already has. The basics appear to be 1) create READONLY users (and, even then, be careful with what access you GRANT), 2) prevent injection attacks. My current efforts/notes (not very good): github.com/barrycarter/bcapps/blob/master/bc-run-mysql-query.pl The SQLite3 version, which works fine (because you can make the entire db read only since it's a single file): github.com/barrycarter/bcapps/blob/master/…
    – user354134
    May 21, 2014 at 22:40
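
The two basics named in the last comment (a database the query cannot write to, and values kept out of the SQL text), sketched for the SQLite case as an added example; it is not code from this thread, from the linked repository or from Data Explorer. `run_untrusted`, `make_sample_db`, the two limits and the `posts` table are assumptions made for illustration.

```python
import sqlite3
import tempfile
import time
from pathlib import Path

MAX_ROWS = 1000      # assumed cap on rows returned per query
MAX_SECONDS = 2.0    # assumed wall-clock budget per query
ALLOWED = {sqlite3.SQLITE_SELECT, sqlite3.SQLITE_READ, sqlite3.SQLITE_FUNCTION}


def _authorizer(action, arg1, arg2, dbname, source):
    # Called while a statement is compiled. Anything outside ALLOWED is
    # rejected: writes, PRAGMA, and ATTACH (which would otherwise open a
    # second file that the read-only flag on the main file does not cover).
    return sqlite3.SQLITE_OK if action in ALLOWED else sqlite3.SQLITE_DENY


def run_untrusted(db_path, sql, params=()):
    """Run one user-supplied statement against a read-only SQLite file."""
    uri = Path(db_path).resolve().as_uri() + "?mode=ro"  # read-only open
    conn = sqlite3.connect(uri, uri=True)
    try:
        conn.set_authorizer(_authorizer)
        deadline = time.monotonic() + MAX_SECONDS
        # A true return value from the handler aborts the running query.
        conn.set_progress_handler(lambda: time.monotonic() > deadline, 10_000)
        # execute() accepts a single statement; values travel in params,
        # never inside the SQL string.
        return conn.execute(sql, params).fetchmany(MAX_ROWS)
    finally:
        conn.close()


def make_sample_db():
    """Build a small database from constructed sample rows."""
    path = Path(tempfile.mkdtemp()) / "sample.db"
    conn = sqlite3.connect(path)
    conn.execute("CREATE TABLE posts (id INTEGER PRIMARY KEY, title TEXT)")
    conn.executemany("INSERT INTO posts (title) VALUES (?)",
                     [("first",), ("second",), ("third",)])
    conn.commit()
    conn.close()
    return path


if __name__ == "__main__":
    db = make_sample_db()
    print(run_untrusted(db, "SELECT title FROM posts WHERE id = ?", (2,)))
```

On a server database such as MySQL the same two layers map to a dedicated account that has been granted only SELECT on the published tables, plus a server-side statement timeout.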

