# HG changeset patch # User František Kučera # Date 1622313839 -7200 # Node ID 66070d82e12b375039d7c489aae119d746b7b6f0 # Parent ab7f333f1225547b16ac297af153e8eabc41a66c relpipe-in-sql: security note diff -r ab7f333f1225 -r 66070d82e12b relpipe-data/examples-in-sql-reading-sql.xml --- a/relpipe-data/examples-in-sql-reading-sql.xml Tue May 11 22:26:48 2021 +0200 +++ b/relpipe-data/examples-in-sql-reading-sql.xml Sat May 29 20:43:59 2021 +0200 @@ -83,7 +83,15 @@ SQL scripts can be used for storing relational data as an alternative to other human-readable and human-editable text formats like XML, CSV or Recfiles. And compared to the other formats, SQL scripts may contain even some logic (e.g. call SQL functions) or views.

- + +

+ n.b. The SQL script does not contain only data – it is an executable script and running it might be dangerous. + Depending on SQL engine used (the default one is SQLite, but others like PostgreSQL or MySQL/MariaDB can be used), + such script may call various functions and some of them might read or write local files or do some other unsafe operations. + Thus the SQL scripts comming from untrusted sources must be carefully reviewed or executed in an isolated environment (sandbox). + We can run relpipe-in-sql using sudo under an unprivileged account or using ssh doing the same even on a remote machine (virtual od physical one or a container dedicated for such dirty work). + Or we can use the --data-source-name or --data-source-string options and run such script on a remote DBMS under an unprivileged database account or on a sandbox database that will be destroyed or refreshed after use. +
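
Review bot: The added security paragraph has two typos that will end up in the published documentation: "comming from untrusted sources" should be "coming", and "virtual od physical one" should be "virtual or physical one". In the sentence that recommends sudo under an unprivileged account, consider stating that such an account can still read world-readable files and reach the network, so it narrows the risk of file-reading SQL functions rather than removing it. The same caveat applies to the --data-source-name / --data-source-string suggestion: the protection depends on which functions and file privileges the unprivileged database account is still granted, and the text could say so.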