Locked down by default

[simonw]

The plugin currently accepts any incoming JSON by default, under the expectation that you'll initially be running it on a laptop. The README shows how to secure it.

https://www.bleepingcomputer.com/news/security/new-meow-attack-has-deleted-almost-4-000-unsecured-databases/ reminded me that MongoDB and Elasticsearch are open by default, with the result that people keep on deploying unprotected instances.

So by 1.0 of this plugin I'm going to figure out how to have it secure by default.

[simonw]

Might be as simple as supporting something like an --insecure flag to disable protection.

[simonw]

It's a shame there's no obvious mechanism for passing additional options to datasette my.db that affect how plugins work.

The only way I can think of at the moment is via environment variables:

DATASETTE_INSERT_UNSAFE=1 datasette my.db

This will have to do for the moment - it's ugly enough that people will at least know they are doing something unsafe, which is the goal here.

[simonw]

Or... alternative idea: create a datasette-insert-unsafe plugin which does this instead. Then users have to install that plugin if they want to be able to use this unauthenticated.

There's precedent for this: https://github.com/simonw/datasette-allow-permissions-debug is a plugin which just does the following:

from datasette import hookimpl

@hookimpl
def permission_allowed(action):
    if action == "permissions-debug":
        return True

[simonw]

I implemented the DATASETTE_INSERT_UNSAFE idea in c0ad84d but I don't think I'm going to ship that - I think I'll do the separate datesette-insert-unsafe plugin instead.

[simonw]

Release order here is tricky: I need to release a version of this plugin that defaults to false in order for the unit tests for the new datasette-insert-unsafe plugin to pass so I can release THAT plugin - then I need to update the README here to talk about that.

[simonw]

https://github.com/simonw/datasette-insert-unsafe is released.