Beyond unauthorized data access, what security considerations should I have regarding a user-facing language based on SQL SELECT statements?

I’m considering making a new language based on SQL SELECT statements to allow users to export CSV data in the manner they please. I’m confident in being able to interface this with a permissions system by inspecting the resulting AST from parsing before turning it into a SELECT statement to execute, so I’m not really concerned about this leading to unauthorized data access.

This language would be pretty much a 1-to-1 mapping of SQL SELECT statements, except for a few changes regarding joins and a few other things.

Users are relatively few and can be easily traced and contacted. It’s not the public at large.

The underlying DB would be MariaDB.

What should I be concerned about from this idea? If it’s a bad idea, why?

I thought about the possibility of making a query that doesn’t terminate by using WITH RECURSIVE, so I’m not going to support that syntax, and I made the following question at the DBA SE to see what other ways a SELECT statement could be non-terminating (I thought of a few more while writing that question):

What are all the ways that a SELECT statement could be made to not terminate or take a very long time?

Besides that, is there anything more? Any particular risk? Is it possible to make some type of resource bomb with it, to consume all memory for example?

Access to this language could be put under a permission so only very privileged users could use it, but I wonder if that’s needed.
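One way the AST inspection described in the question above could look, as an added example that is not part of the original post. The AST shape, the permission table and every name in it are assumptions made for illustration; the check is an allow-list, so unsupported constructs such as WITH RECURSIVE are refused before any SELECT is generated.

```python
class Rejected(Exception):
    """The parsed query uses something this user may not touch."""

# Constructed permission table (assumption): user -> table -> readable columns.
PERMISSIONS = {
    "alice": {"orders": {"id", "customer_id", "total"},
              "customers": {"id", "name"}},
}
ALLOWED_KEYS = {"type", "from", "columns", "joins"}

def quote(ident):
    # MariaDB identifier quoting: backticks, embedded backticks doubled.
    return "`" + ident.replace("`", "``") + "`"

def column(ref, tables, user):
    table, name = ref
    if table not in tables:
        raise Rejected(f"{table} is not part of this query")
    if name not in PERMISSIONS.get(user, {}).get(table, set()):
        raise Rejected(f"no access to {table}.{name}")
    return f"{quote(table)}.{quote(name)}"

def compile_export(ast, user):
    # Allow-list, not deny-list: any node type or key the checker does not
    # know (a recursive CTE, a subquery, ...) is refused outright.
    if ast.get("type") != "select" or set(ast) - ALLOWED_KEYS:
        raise Rejected("unsupported construct")
    joins = ast.get("joins", [])
    tables = [ast["from"]] + [j["table"] for j in joins]
    for t in tables:
        if t not in PERMISSIONS.get(user, {}):
            raise Rejected(f"no access to table {t}")
    cols = ", ".join(column(c, tables, user) for c in ast["columns"])
    sql = f"SELECT {cols} FROM {quote(ast['from'])}"
    for j in joins:
        left, right = (column(c, tables, user) for c in j["on"])
        sql += f" JOIN {quote(j['table'])} ON {left} = {right}"
    return sql

# Constructed sample AST: orders.id and customers.name joined on customer_id.
SAMPLE = {
    "type": "select", "from": "orders",
    "columns": [("orders", "id"), ("customers", "name")],
    "joins": [{"table": "customers",
               "on": [("orders", "customer_id"), ("customers", "id")]}],
}

if __name__ == "__main__":
    print(compile_export(SAMPLE, "alice"))
```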

What balance considerations should I make if I remove the Corruption and/or Insanity mechanics from Shadow of the Demon Lord?

In Shadow of the Demon Lord, there are mechanics that help portray its dark fantasy world. “Insanity” arises from undergoing stressful situations, whereas “Corruption” accumulates as the character commits evil or dark acts. Both have tangible effects for the character (a high Corruption character would be impossible to resurrect, for example).

Suppose that a group would enjoy the general underlying gameplay, but not the darkness necessitated by the setting.

If I were to remove Corruption and Insanity from the game, what parts of the system would I have to tailor or remove so that the game remains fair?

Security considerations when selling a printer

I’ve got an HPW2228H laser printer, which I have used for about a year, which I wish to sell.

Are there any security issues to consider when selling a printer that has been used?

My considerations so far have been:

  • Would any previously printed / scanned documents be viewable / recallable by the purchaser
  • Would any wifi passwords stored on the computer be accessible to the purchaser

Adding IDs to urls to open up namespace – SEO considerations?

I’m working with a site that has millions of pages along the lines of:

    domain.com/entity/John_Smith
    domain.com/entity/Google
    domain.com/entity/HTML

One of the problems is that particularly for people names, there are lots of duplicates, so we end up with

    domain.com/entity/John_Smith
    domain.com/entity/John_Smith_(explorer)
    domain.com/entity/John_Smith_(politician)

We instead want to move to a url scheme (much like StackExchange) like:

domain.com/entity/1234/John_Smith (where 1234 is a unique ID).

I assume that if we:

  • put in 301 redirects from every old page to new page
  • updated our sitemap with the new urls

then we’ll be pretty much covered. But could there be any short-term SEO implications that we should expect? (Dips in traffic, etc.?) Are there any pieces of this puzzle that we’re missing?

Prioritising UX Design Considerations

Does anybody use “Analytical Hierarchy Process” to prioritise their UX design considerations?

I have very often been in the position where I am impounded by different criteria and alternatives for any given design quality like usability and ease of use.

It would be a great help to know if anybody is taking advantage of any other statistical models for making a UX design decision.

What considerations should I mind when designing methods or functions that take in a lot of parameters?

What considerations should I mind when designing methods or functions that take in a lot of parameters? A lot meaning over 4 but less than 10.

For example, I am debating whether to pass in an array like so:

    function makeAssembly(array $params) {
        $pump = $factory->fromModelNumber($params['modelNumber'], $params['stages'], $params['x']);
        $motor = $factory->createMotor($params['frameId'], $params['productId'], $params['x']);
    }

versus spelling out parameters in the method header:

    function makeAssembly($modelNumber, $stages, $x, $frameId, $productId) {
        $pump = $factory->fromModelNumber($modelNumber, $stages, $x);
        $motor = $factory->createMotor($frameId, $productId, $x);
    }

Is there a way that is clearly better or are both interchangeable?

In particular, are there any tenets that can be attributed to dependency injection, such as Tell Don’t Ask principles, that can be reused in this case as well?

Considerations for securing a computer on an open LAN?

I’m about to move to a serviced office where they have an open LAN, e.g. no VLANs for individual companies. The room itself is locked, so the main threats would be from cyber security, rather than physical.

I’m trying to think through the possible considerations for security and what I should add / amend.

I’ve got a VOIP phone, and I’ve locked down its web GUI with a strong unique password.

The only sharing setting I have enabled on my computer is remote access via Apple Remote Desktop, which is secured with a strong unique password.

As with most people nowadays, all the applications we use are SSL, and our email is with Google Apps for business, which I understand is encrypted in transit.

I have Sophos AV Home installed on my computer.

The computer is a Macbook Pro running OSX 10.14.x