Enable Badge SQL

:bookmark: This guide explains how to enable Badge SQL in Discourse and discusses the associated security and performance risks.

:person_raising_hand: Required user level: Administrator
:warning: Enabling Badge SQL can pose security and performance risks.

To maintain security and performance integrity, as of Discourse 1.6, the ability for administrators to edit badge SQL directly is disabled by default. The two primary concerns around enabling Badge SQL are:

  1. Security: Allowing direct SQL entry provides raw database access through the web UI, increasing the potential for sensitive data exposure. Although badge queries return only user_ids, an admin could still use them to infer other information. For example, a query could reveal whether column A of table Y has a particular value, based on which user_id is returned.
  2. Performance: Crafting efficient badge SQL queries is complex. Inexperienced administrators might create queries that put a substantial load on the database, affecting overall site performance.

For those who still wish to enable it, you can get full SQL authoring access by running the following commands on your Discourse server:

```
./launcher enter app
rails c
SiteSetting.enable_badge_sql = true
```

If you are an Enterprise customer, please reach out to the Discourse team through personal message (@team on Meta) or email at team@discourse.org to enable SQL for badge queries.

For non-SQL badge configurations, Standard and Business customers can follow an alternate method for granting custom badges using the Discourse API.

Additional notes

  • SiteSetting.enable_badge_sql = false remains the default setting, which prevents any new SQL badge authoring. Existing badges will continue functioning with their current SQL.
  • After setting up your badges, you can safely disable Badge SQL to prevent future changes.
  • All settings are subject to global configuration. In your container configuration, setting DISCOURSE_ENABLE_BADGE_SQL: true enables this feature.
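
Because existing badges keep running their stored SQL after the setting is turned off again, that SQL is worth reviewing. The following Ruby script is an added example, not Discourse's own code: it lists the tables each stored badge query reads and flags any outside an expected set. The allowlist, the sample rows and the helper names are assumptions made for illustration.

```ruby
require "set"

# Assumption: tables a reviewer expects ordinary badge queries to read.
EXPECTED_TABLES = Set.new(%w[users posts topics user_badges badge_posts]).freeze

# Table names that follow FROM or JOIN, after comments and string literals
# are stripped. A review aid, not a SQL parser: comma-separated FROM lists
# are not expanded.
def referenced_tables(sql)
  text = sql.gsub(/--[^\n]*/, " ")
  text = text.gsub(%r{/\*.*?\*/}m, " ")
  text = text.gsub(/'(?:[^']|'')*'/, "''")
  text.scan(/\b(?:from|join)\s+("?)([a-z_][a-z0-9_.]*)\1/i)
      .map { |_quote, name| name.downcase.split(".").last }
      .uniq
end

# [id, name, unexpected_tables] for every badge whose SQL reads other tables.
def badges_needing_review(badges, expected = EXPECTED_TABLES)
  badges.filter_map do |id, name, sql|
    next if sql.nil? || sql.strip.empty?
    extra = referenced_tables(sql).reject { |t| expected.include?(t) }
    [id, name, extra] unless extra.empty?
  end
end

# Constructed sample rows (id, name, query); not taken from a real site.
# table_y / column_a are the placeholder names used in the text above.
SAMPLE_BADGES = [
  [101, "First Reply", <<~SQL],
    SELECT p.user_id, min(p.created_at) AS granted_at
    FROM badge_posts p
    JOIN topics t ON t.id = p.topic_id
    GROUP BY p.user_id
  SQL
  [102, "Mystery", <<~SQL],
    SELECT u.id AS user_id, current_timestamp AS granted_at
    FROM users u
    WHERE EXISTS (SELECT 1 FROM table_y y WHERE y.column_a = 'from users')  -- FROM posts
  SQL
  [103, "Manual Only", nil]
].freeze

badges_needing_review(SAMPLE_BADGES).each do |id, name, extra|
  puts "badge #{id} (#{name}) reads unexpected tables: #{extra.join(', ')}"
end
```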