The Data Explorer plugin menu item has disappeared from the AdminCP in a Discourse instance that I have hosted with Communiteq (formerly DiscourseHosting)
I asked to have it reinstated and they told me that it was removed on purpose so that people that don’t know what they are doing don’t use it. Apparently it’s by design and was done “by the designers of the software”.
I still have it in my instance that is hosted with Discourse. Can anyone shed any light? I can still access it via the direct link, but it’s less convenient and seems like a fairly weak argument.
IMHO that’s hogwash. The plugin only does SELECT, and with a built in LIMIT.
True, it does make it easier for an Admin to access what might be considered sensitive information such as email addresses or IPs, but it can not do anything like CREATE, UPDATE, DELETE etc. that could potentially corrupt the database or hang the site.
Note that Data Explorer is only offered on business tier of our hosting or higher. You can do some scary stuff with it, security wise, as you have access to the whole db.
We install that plugin on all plans.
There was/is some confusion on our side on the menu item, I could have sworn I picked up somewhere that it was made less accessible by removing the menu item. But I think this was about the badge queries.
Addition: I found the cause. We never had that menu item. It was only added in the latest commit of that plugin, and we were running exactly one commit behind since we apparently didn’t pull it correctly.
