
Understand the risks

Because this question comes up often, and misunderstanding the security model can have a high impact, we want to restate the risks, which are explained on various other pages:

  • SQL products are prone to SQL Injection attacks. This is a type of vulnerability where an attacker uses an SQL field to write a command that will read, write or delete data that isn't supposed to be accessed.
  • Play SQL Base and Play SQL Spreadsheets, by definition, allow users to write free-form SQL in various parts of the application. No constraints can be put on this SQL, given the variety of commands that need to be allowed.
  • Therefore the security model of those products is that anyone with access to Confluence may view, edit and delete all data in the database.
  • The fact that permissions or visibility criteria are applied in a given place doesn't mean the data can't be accessed. A central feature of this product is that users can write SQL queries; you should therefore assume there will always be a way to view this data.

Because some customers have misunderstood this, we wanted to make this statement explicit.
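The last point above, shown as an added example (not code from Play SQL or its vendor): a visibility criterion applied in one display path does not constrain a user who can type free-form SQL on the same connection, and only a control inside the database engine changes what that SQL can read. Assumptions: SQLite stands in for PostgreSQL, the `salaries` table and its rows are constructed sample data, all function names are hypothetical, and SQLite's authorizer hook stands in for database-side privileges, not for any Play SQL setting.

```python
import sqlite3

def make_db():
    """Constructed sample data; SQLite stands in for a space's PostgreSQL schema."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE salaries (employee TEXT, amount INTEGER, restricted INTEGER);
        INSERT INTO salaries VALUES ('alice', 5000, 0), ('bob', 9000, 1);
    """)
    return db

def render_page(db):
    """One display path that applies a visibility criterion (hides restricted rows)."""
    return db.execute(
        "SELECT employee, amount FROM salaries WHERE restricted = 0").fetchall()

def run_user_sql(db, sql):
    """Free-form SQL feature: executes the user's text on the same connection."""
    return db.execute(sql).fetchall()

def deny_reads(db, table):
    """Engine-side control: refuse every read of `table` on this connection."""
    def authorizer(action, arg1, arg2, dbname, source):
        # For SQLITE_READ, arg1 is the table name and arg2 the column name.
        if action == sqlite3.SQLITE_READ and arg1 == table:
            return sqlite3.SQLITE_DENY
        return sqlite3.SQLITE_OK
    db.set_authorizer(authorizer)

def is_refused(db, sql):
    """True when the database engine itself rejects the statement."""
    try:
        run_user_sql(db, sql)
        return False
    except sqlite3.DatabaseError:
        return True

if __name__ == "__main__":
    db = make_db()
    query = "SELECT employee, amount FROM salaries ORDER BY employee"
    print("page shows:      ", render_page(db))        # filtered view only
    print("user SQL returns:", run_user_sql(db, query))  # filter does not apply
    deny_reads(db, "salaries")
    print("refused after engine-side deny:", is_refused(db, query))
```

The engine-side deny applies to every path on that connection, including `render_page`, which is the difference between a display filter and an access control.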

The use of the name "Spreadsheet" often raises questions for this product, so this page will clarify the discussion.

  • Evaluation and refund: In any case, please remember that you can evaluate the product and cancel the purchase within 30 days in case you think the current feature set doesn't match the expectations of "Spreadsheets".
  • Upgrades for one year: This is a start-up product and I'm working hard to make it become a steady business. Look at the frequency of the releases on the Marketplace: It's astonishing! If you buy the product today, you automatically benefit from new features during one year!
  • Discounted initial price: The first versions have a reduced set of features and the price was discounted accordingly. Buy today, and you won't have to pay the full price.

What does "Play SQL Queries" (free product) consist of?

Some people need to fetch information from databases and display it in Confluence. Play SQL Queries can perform SQL queries to external databases, in read-only mode, to show the results on a Confluence page.

Play SQL macros can be connected to the Charts plugin to graph the data.

What does "Play SQL Spreadsheets" (paid product) consist of?

The name "Play SQL Spreadsheets" was chosen for communication reasons, to align users' expectations with the product trajectory over the year. It's more than a database administration tool because it targets non-DBA users with user-friendly UX. It's more than a traditional desktop tool because it stores data in interoperable, reliable SQL databases.

"Play SQL Spreadsheets" links:

  • Your Confluence site <-> a PostgreSQL database;
  • Each space <-> a database schema.

From a Confluence space, you can:

  • create a table,
  • edit cells,
  • add/remove lines,
  • add/remove columns,
  • change column types.

It doesn't feel like it, but you're seamlessly modifying a database.

This user interface is what you would expect from a spreadsheet tool. You can also perform calculations using SQL queries, although this is currently mundane. This will be improved in future versions.
