Data Explorer menu item disappeared

HAWK · 2017-02-09 09:24:15 UTC

I’m curious about something.

The Data Explorer plugin menu item has disappeared from the AdminCP in a Discourse instance that I have hosted with discoursehosting.com

I asked to have it reinstated and they told me that it was removed on purpose so that people that don’t know what they are doing don’t use it. Apparently it’s by design and was done “by the designers of the software”.

I still have it in my instance that is hosted with Discourse. Can anyone shed any light? I can still access it via the direct link, but it’s less convenient and seems like a fairly weak argument.

sam · 2017-02-08 20:14:13 UTC

We did not hide it, whatever they did, they did using CSS or a custom fork

HAWK · 2017-02-08 20:35:21 UTC

Suspected so. Thanks for the confirmation.

Mittineague · 2017-02-08 20:42:22 UTC

IMHO that’s hogwash. The plugin only does SELECT, and with a built in LIMIT.

True, it does make it easier for an Admin to access what might be considered sensitive information such as email addresses or IPs, but it can not do anything like CREATE, UPDATE, DELETE etc. that could potentially corrupt the database or hang the site.

If they know differently, it should be reported.

HAWK · 2017-02-08 20:44:18 UTC

They’ve apologised for the misinformation and are investigating.

TBH it’s no biggie – I can access it via the URL, but I was curious as to why they weren’t being transparent.

codinghorror · 2017-02-08 21:11:50 UTC

Note that Data Explorer is only offered on business tier of our hosting or higher. You can do some scary stuff with it, security wise, as you have access to the whole db.

RGJ · 2017-02-08 21:47:12 UTC

We install that plugin on all plans.
There was/is some confusion on our side on the menu item, I could have sworn I picked up somewhere that it was made less accessible by removing the menu item. But I think this was about the badge queries.

Addition: I found the cause. We never had that menu item. It was only added in the latest commit of that plugin, and we were running exactly one commit behind since we apparently didn’t pull it correctly.

HAWK · 2017-02-09 16:23:31 UTC

Resolved. Life would be much easier (but way less exciting) if I only ran one community.

Thanks all for the input, and to @RGJ for sorting it out promptly.