Warning: Beware of the risks of running SQL queries from frontend in public-facing apps, especially with LLMs

[drivian]

Beware of the risks of using running SQL queries directly from client side in public-facing applications, especially with LLMs, due to SQL & prompt injection risks. The SQL Tool in the tool library is not recommended to be used in public-facing applications due to these risks. PR 55 introduces more filters for malignant SQL queries / script injections, but do not guarantee protection against all attacks, as there are inherent risks in executing unparametrized SQL queries.

See LangChain's note on a similar topic (link):
"Building Q&A systems of SQL databases requires executing model-generated SQL queries. There are inherent risks in doing this. Make sure that your database connection permissions are always scoped as narrowly as possible for your chain/agent's needs. This will mitigate though not eliminate the risks of building a model-driven system. For more on general security best practices, see here