SQL Runner


Post by martinch » Wed Aug 02, 2023 5:47 am

Hey guys, back with another update. I created a new admin utility for mDial and was wondering if there would be any interest in a backport to ViCiDial.

SQL Runner is a simple admin utility tucked away in the Admin Utilities on the Admin Panel that simply runs your SQL queries. This negates the need for ViCi administrators to install phpMyAdmin or some other third-party SQL application. If you want to go completely minimal and barebones on your ViCi installation, this "may" be up your alley. :) It's a user level 9 only utility and is destructive, so I recommend you use it with care. As for SQL injection, any attempt to inject SQL outside of this utility into any other admin page will result in a 403 Forbidden response. It might be useful to some...probably useless to many though :) As always, appreciate feedback, and patches will make their way onto Mantis at some point in the future. Cheers guys.

Project Lead @ mDial -> https://github.com/TheBlode/mDial
martinch
 
Posts: 273
Joined: Thu Nov 15, 2018 9:14 am
Location: England, UK

Re: SQL Runner

Post by mflorell » Wed Aug 02, 2023 6:21 am

Utilities like this are great for people that know what they are doing, but catastrophic for people that don't, as we've seen many times in the past since years ago we used to install PHPMyAdmin in VICIdial systems but stopped doing that because of all of the disasters that it brought. If we were to include a utility like this in the VICIdial codebase, it would probably be stored safely in the 'extras' directory where it could do no harm unless someone manually copied it to the web directory. :)
mflorell
Site Admin
 
Posts: 18339
Joined: Wed Jun 07, 2006 2:45 pm
Location: Florida

Re: SQL Runner

Post by martinch » Fri Aug 04, 2023 4:02 pm

mflorell wrote: Utilities like this are great for people that know what they are doing, but catastrophic for people that don't, as we've seen many times in the past since years ago we used to install PHPMyAdmin in VICIdial systems but stopped doing that because of all of the disasters that it brought. If we were to include a utility like this in the VICIdial codebase, it would probably be stored safely in the 'extras' directory where it could do no harm unless someone manually copied it to the web directory. :)


Ahhh. Yes, this utility has destructive power...with great power comes great responsibility. My target market with this piece is the highest level administrator, the person who administers the stack and the person responsible for the entire ViCi cluster. We can tuck this away in the extras folder for those admins who want to run ViCi nice and lean...but yeah, this probably wouldn't be in the main codebase unless it was fortified to all hell. Actually, I was thinking of making this a SQL Query Simulator (in terms of UPDATE and INSERT) and leave the SELECT be. Do you think that would be of any use if we nerf it? But yeah, good ole mysql command would do you and I :D
Project Lead @ mDial -> https://github.com/TheBlode/mDial
martinch
 
Posts: 273
Joined: Thu Nov 15, 2018 9:14 am
Location: England, UK

Re: SQL Runner

Post by mflorell » Sat Aug 05, 2023 6:36 am

I have no problem at all including something like this in the extras directory, but I would suggest a "preview" step where you have to view and confirm what you want to run before the SQL is actually executed, kind of like we do with the Bulk Tools currently.
mflorell
Site Admin
 
Posts: 18339
Joined: Wed Jun 07, 2006 2:45 pm
Location: Florida
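
The "simulator" and "preview" ideas from the posts above fit into one flow: dry-run the statement, show the affected row count, and execute only the exact text that was confirmed. This is an added example, not code from mDial or VICIdial; it assumes Python with sqlite3 standing in for MySQL, and the `leads` table, the function names and the per-process key are constructed for illustration.

```python
import hashlib, hmac, secrets, sqlite3

KEY = secrets.token_bytes(32)            # per-process signing key (assumption)
DML = {"INSERT", "UPDATE", "DELETE", "REPLACE"}

def _token(user, sql):
    # Binds the confirmation to one admin and the exact SQL text shown in the preview.
    return hmac.new(KEY, f"{user}\0{sql}".encode(), hashlib.sha256).hexdigest()

def _verb(sql):
    words = sql.split()
    if not words:
        raise ValueError("empty statement")
    return words[0].upper()

def preview(conn, user, sql):
    """Dry run: execute inside a transaction, roll back, report rows touched."""
    verb = _verb(sql)
    if verb not in DML:
        # Only DML is previewed: MySQL commits DDL implicitly, so it cannot be rolled back.
        raise ValueError(f"{verb} cannot be previewed")
    conn.execute("BEGIN")
    try:
        rows = conn.execute(sql).rowcount   # sqlite3 rejects stacked statements here
    finally:
        conn.execute("ROLLBACK")
    return {"verb": verb, "rows": rows, "token": _token(user, sql)}

def run_confirmed(conn, user, sql, token):
    """Execute only the statement that was previewed and confirmed."""
    if not hmac.compare_digest(token, _token(user, sql)):
        raise PermissionError("statement differs from the one previewed")
    conn.execute("BEGIN")
    try:
        rows = conn.execute(sql).rowcount
        conn.execute("COMMIT")
    except Exception:
        conn.execute("ROLLBACK")
        raise
    return rows

def demo_db():
    # Constructed sample data; isolation_level=None gives explicit BEGIN/COMMIT control.
    conn = sqlite3.connect(":memory:", isolation_level=None)
    conn.execute("CREATE TABLE leads (id INTEGER PRIMARY KEY, status TEXT)")
    conn.executemany("INSERT INTO leads (status) VALUES (?)", [("NEW",)] * 3)
    return conn

if __name__ == "__main__":
    db, sql = demo_db(), "UPDATE leads SET status = 'DNC'"   # no WHERE clause
    p = preview(db, "admin", sql)
    print(p["rows"], run_confirmed(db, "admin", sql, p["token"]))
```

A rollback-based dry run only works on a transactional storage engine such as InnoDB; on MyISAM tables the "preview" would change data for real.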

Re: SQL Runner

Post by martinch » Sat Aug 12, 2023 6:19 am

mflorell wrote: I have no problem at all including something like this in the extras directory, but I would suggest a "preview" step where you have to view and confirm what you want to run before the SQL is actually executed, kind of like we do with the Bulk Tools currently.


This is a good idea :) I'll add that in for sure. Thanks Matt
Project Lead @ mDial -> https://github.com/TheBlode/mDial
martinch
 
Posts: 273
Joined: Thu Nov 15, 2018 9:14 am
Location: England, UK

