Configure the Default Operations Generated for Database Mashable
When users or MashZone NextGen administrators register simple or custom mashables for databases, MashZone NextGen generates a default set of operations for the tables, views or stored procedures in the selected database.
See Default Operations Available for Database Mashables for details. For simple database mashables, users have no control over which operations are generated. MashZone NextGen administrators can choose which of the default operations are generated for custom database mashables.
Some of these operations have security implications because they allow users to define portions of the SQL statements dynamically. Other operations allow users to insert, update or delete records in tables. Some types of queries have performance implications as they can have excessively large result sets.
In addition to database mashables, mashups can also directly update databases using the <sqlUpdate> statement in EMML or the SQL block in Wires.
You can manage which operations are generated by default for database mashables in the Admin Console.
To configure default operations
1. Click Admin Console in the MashZone NextGen Hub main menu.
2. Expand the Mashable Database Services section and click Service Generator Settings.
3. Change any of the options for Unsecure Operations:
Exclude All Unsecure Operations = this option determines whether users can choose to include operations in database mashables that do not use prepared statements and thus pose a risk of SQL injection attacks.
This is enabled by default. It ensures that the selecttable-name, findtable-nameWhere and findtable-nameByWhereClause operations are not included in any database mashable when the mashable is registered.
If you clear this option, the default availability of these operations is determined by the Include selectTable operations and Include findTableWhereColumn operations options.
Include findTableByWhere operations = this option determines the default availability of the findtable-nameByWhereClause operation for tables in a given database mashable.
See Arbitrary SQL Queries for Database Mashables for more information on the uses and effects of this operation. This option is enabled by default.
Include selectTable operations = this option determines the default availability of the selecttable-name operation for tables in a given database mashable. This operation does not use prepared statements and thus is a potential security risk for SQL injection attacks.
This option is disabled by default. MashZone NextGen administrators can choose, however, to include this operation for custom database mashables unless the Exclude All Unsecure Operations option is set.
Set this option to include the selecttable-name operation by default.
4. Change any of the options for Large Queries:
Include findAllTable operations = this option determines the default availability of the findAlltable-name operation for tables in a given database mashable. This is true by default.
These types of operations can have very large result sets and thus can have a performance impact.
Include findTableWhereColumn operations = this option determines the default availability of the findtable-nameWhere operation for tables in a given database mashable. This operation does not use prepared statements and thus is a potential security risk for SQL injection attacks.
This flag is false by default, but MashZone NextGen administrators can choose to include this operation for custom database mashables unless the Exclude All Unsecure Operations option is set.
5. Change any options for Table Updates:
Include insert operations = determines the default availability for inserttable-name operations for database mashables which insert records in database tables. This is set by default.
Include update operations = determines the default availability for updatetable-name operations for database mashables which update records in database tables. This is set by default.
Include delete operations = determines the default availability for deletetable-name operations for database mashables which delete records in database tables. This is set by default.
Note: These options also affect the use of the <sqlUpdate> statement in EMML and the SQL block in Wires for mashups.
6. Click Save Settings.
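
The following added example, which is not MashZone NextGen code, models how the options in steps 3 to 5 combine, so that a proposed settings change can be reviewed for the operations it would newly generate by default. The field names, the `Orders` table and the risk labels are assumptions made for this sketch; only the operations and defaults named on this page are modelled.

```python
from dataclasses import dataclass

@dataclass
class GeneratorSettings:
    # Field names are invented for this sketch; defaults are those stated on this page.
    exclude_all_unsecure: bool = True        # Exclude All Unsecure Operations
    include_find_by_where: bool = True       # Include findTableByWhere operations
    include_select_table: bool = False       # Include selectTable operations
    include_find_where_column: bool = False  # Include findTableWhereColumn operations
    include_find_all: bool = True            # Include findAllTable operations
    include_insert: bool = True              # Include insert operations
    include_update: bool = True              # Include update operations
    include_delete: bool = True              # Include delete operations

# (operation name template, controlling field, risk label), taken from the option text.
RULES = [
    ("select{t}", "include_select_table", "unsecure"),
    ("find{t}Where", "include_find_where_column", "unsecure"),
    ("find{t}ByWhereClause", "include_find_by_where", "unsecure"),
    ("findAll{t}", "include_find_all", "large-query"),
    ("insert{t}", "include_insert", "table-update"),
    ("update{t}", "include_update", "table-update"),
    ("delete{t}", "include_delete", "table-update"),
]

def default_operations(table, settings):
    """Return {operation name: risk label} generated by default for one table."""
    ops = {}
    for template, field, risk in RULES:
        if risk == "unsecure" and settings.exclude_all_unsecure:
            continue  # the exclude option overrides every unsecure include option
        if getattr(settings, field):
            ops[template.format(t=table)] = risk
    return ops

def newly_exposed(table, before, after):
    """Operations that a settings change adds to the defaults, sorted by name."""
    old = default_operations(table, before)
    new = default_operations(table, after)
    return sorted((name, risk) for name, risk in new.items() if name not in old)

if __name__ == "__main__":
    # Constructed case: start from the page defaults and clear only the exclude option.
    relaxed = GeneratorSettings(exclude_all_unsecure=False)
    for name, risk in newly_exposed("Orders", GeneratorSettings(), relaxed):
        print(f"{name}: {risk}")
```

Under this model, clearing Exclude All Unsecure Operations while leaving everything else at its default already adds the findtable-nameByWhereClause operation, because Include findTableByWhere operations is enabled by default.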