text2sql/README.md (10 additions & 0 deletions)
@@ -161,3 +161,13 @@ The top-performing product by quantity of units sold is the **Classic Vest, S**
161
161
- Clearly state in the **selector** what sorts of questions a given view / table can provide answers for.
162
162
- Use common codes for columns that need filtering e.g.
163
163
- A country can have multiple text representations e.g. United Kingdom or UK. Use ISO codes for countries, instead of text descriptions to increase the likelihood of correct and valid SQL queries.
164
+
165
+
## Production Considerations
166
+
167
+
Below are some of the considerations that should be made before using this plugin in production:
168
+
169
+
- Despite prompting to only produce **SELECT** statements, there is a danger that dangerous SQL statements could be generated.
170
+
- Consider adding validation of the SQL query before it is executed to check it is only performing actions that you allow.
171
+
- Consider limiting the permissions of the identity or connection string to only allow access to certain tables or perform certain query types.
172
+
- If possible, run the queries under the identity of the end user so that any row or column level security is applied to the data.
173
+
- Consider data masking for sensitive columns that you do not wish to be exposed.
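Review bot: the validation bullet ("Consider adding validation of the SQL query before it is executed") should say what kind of validation, because the preceding bullet already admits that prompting for SELECT-only output is not a guarantee. Suggest recommending that the generated text be parsed as SQL and rejected unless it is exactly one SELECT statement, rather than a keyword or prefix check, and that the permissions bullet name a read-only database login or role as the baseline, with the table-level restriction on top of it. A short example of what the validation rejects (anything other than a single SELECT) would make both bullets actionable for someone deploying the plugin.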