Hi
Hi Dave,
There is a possibility of SQL Injection (if we don't use qtLiteral.
We need some kind of check for this.
What do you say?
The user is already logged in, and could run the query tool anyway to do anything their privileges allow.
Do you see an escalation vector that I’m missing?
I re-added the hackers list for any other opinions.